Skip to content

Hide Navigation Hide TOC

STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec)

STRONTIUM has been active since at least 2007. Whereas most modern untargeted malware is ultimately profit-oriented, STRONTIUM mainly seeks sensitive information. Its primary institutional targets have included government bodies, diplomatic institutions, and military forces and installations in NATO member states and certain Eastern European countries. Additional targets have included journalists, political advisors, and organizations associated with political activism in central Asia. STRONTIUM is an activity group that usually targets government agencies, diplomatic institutions, and military organizations, as well as affiliated private sector organizations such as defense contractors and public policy research institutes. Microsoft has attributed more 0-day exploits to STRONTIUM than any other tracked group in 2016. STRONTIUM frequently uses compromised e-mail accounts from one victim to send malicious e-mails to a second victim and will persistently pursue specific targets for months until they are successful in compromising the victims’ computer.

Cluster A Galaxy A Cluster B Galaxy B Level
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 1
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 1
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Buy domain name - T1328 (45242287-2964-4a3e-9373-159fad4d8195) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Obtain/re-use payloads - T1346 (27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Wi-Fi Networks - T1669 (fde016f6-211a-41c8-a4ab-301f1e419c62) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 2
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 3
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern 3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 3
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 3
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern 3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool 3
XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e) mitre-tool Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern 3
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern 3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 3
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 3
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
Winexe (811bdec0-e236-48ae-b27c-1a8fe0bfc3a9) Tool Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool 3
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 3
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern 3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool 3
Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware 3
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer (44909efb-7cd3-42e3-b225-9f3e96b5f362) Tool USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 4
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern 4
XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 4
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 4
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 4
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern 4
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 4
Coreshell (579cc23d-4ba4-419f-bf8a-f235ed33125e) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool 4
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 4
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool OLDBAIT (b79a6b61-f122-4823-a4ab-bbab89fcaf75) Malpedia 4
Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 4