STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec)

STRONTIUM has been active since at least 2007. Whereas most modern untargeted malware is ultimately profit-oriented, STRONTIUM mainly seeks sensitive information. Its primary institutional targets have included government bodies, diplomatic institutions, and military forces and installations in NATO member states and certain Eastern European countries. Additional targets have included journalists, political advisors, and organizations associated with political activism in central Asia. STRONTIUM is an activity group that usually targets government agencies, diplomatic institutions, and military organizations, as well as affiliated private sector organizations such as defense contractors and public policy research institutes. Microsoft attributed more 0-day exploits to STRONTIUM than to any other tracked group in 2016. STRONTIUM frequently uses compromised e-mail accounts from one victim to send malicious e-mails to a second victim, and will persistently pursue specific targets for months until it succeeds in compromising the victim’s computer.

Cluster A Galaxy A Cluster B Galaxy B Level
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 1
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 1
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 2
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 2
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 2
Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Buy domain name - T1328 (45242287-2964-4a3e-9373-159fad4d8195) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 2
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 2
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 2
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Obtain/re-use payloads - T1346 (27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Wi-Fi Networks - T1669 (fde016f6-211a-41c8-a4ab-301f1e419c62) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 2
Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 3
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 3
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 3
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 3
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 3
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e) mitre-tool Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool 3
Winexe (811bdec0-e236-48ae-b27c-1a8fe0bfc3a9) Tool Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool 3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 3
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 3
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 3
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 3
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 3
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 3
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern 3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 3
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer (44909efb-7cd3-42e3-b225-9f3e96b5f362) Tool USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern 4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern 4
XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern 4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 4
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 4
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 4
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 4
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 4
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 4
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Coreshell (579cc23d-4ba4-419f-bf8a-f235ed33125e) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 4
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 4
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern 4
OLDBAIT (b79a6b61-f122-4823-a4ab-bbab89fcaf75) Malpedia OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4