PLATINUM (154e97b5-47ef-415a-99a6-2157f1b50339) |
Microsoft Activity Group actor |
PLATINUM (1fc5671f-5757-43bf-8d6d-a9a93b03713a) |
Threat Actor |
1 |
PLATINUM (154e97b5-47ef-415a-99a6-2157f1b50339) |
Microsoft Activity Group actor |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
1 |
PLATINUM (1fc5671f-5757-43bf-8d6d-a9a93b03713a) |
Threat Actor |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
2 |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) |
Malware |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) |
Attack Pattern |
2 |
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) |
Attack Pattern |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) |
Attack Pattern |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) |
Malware |
2 |
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) |
Attack Pattern |
PLATINUM - G0068 (f9c06633-dcff-48a1-8588-759e7cec5694) |
Intrusion Set |
2 |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
3 |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
3 |
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) |
Attack Pattern |
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
3 |
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) |
Malware |
3 |
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) |
Malware |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
3 |
adbupd - S0202 (0f1ad2ef-41d4-4b7a-9304-ddae68ea3005) |
Malware |
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) |
Attack Pattern |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) |
Attack Pattern |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) |
Attack Pattern |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
3 |
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
3 |
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) |
Attack Pattern |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
3 |
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) |
Attack Pattern |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) |
Attack Pattern |
3 |
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
3 |
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
3 |
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) |
Attack Pattern |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
3 |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
3 |
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) |
Attack Pattern |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) |
Attack Pattern |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) |
Attack Pattern |
3 |
JPIN - S0201 (de6cb631-52f6-4169-a73b-7965390b0c30) |
Malware |
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) |
Attack Pattern |
3 |
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) |
Attack Pattern |
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) |
Attack Pattern |
3 |
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) |
Attack Pattern |
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) |
Malware |
3 |
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) |
Malware |
3 |
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) |
Attack Pattern |
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) |
Malware |
3 |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) |
Malware |
3 |
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) |
Attack Pattern |
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) |
Malware |
3 |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) |
Malware |
3 |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
Dipsind - S0200 (e170995d-4f61-4f17-b60e-04f9a06ee517) |
Malware |
3 |
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
4 |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
4 |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) |
Attack Pattern |
4 |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) |
Attack Pattern |
4 |
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) |
Attack Pattern |
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) |
Attack Pattern |
4 |
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) |
Attack Pattern |
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) |
Attack Pattern |
4 |
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
4 |
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) |
Attack Pattern |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
4 |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
4 |
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) |
Attack Pattern |
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) |
Attack Pattern |
4 |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
4 |
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
4 |
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) |
Attack Pattern |
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) |
Attack Pattern |
4 |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
4 |