Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)

Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, Naikon has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015)

While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)

Cluster A Galaxy A Cluster B Galaxy B Level
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) Attack Pattern 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff) Threat Actor 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware 1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b) Malware 1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware 2
RARSTONE (5d2dd6ad-6bb2-45d3-b295-e125d3399c8d) Tool RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware 2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware Sys10 (2ae57534-6aac-4025-8d93-888dab112b45) Malpedia 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
SslMM (009db412-762d-4256-8df9-eb213be01ffd) Malpedia SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware 2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware WinMM (6a100902-7204-4f20-b838-545ed86d4428) Malpedia 2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware 2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff) Threat Actor Private Cluster (5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8) Unknown 2
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff) Threat Actor 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b) Malware 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b) Malware 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set 3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware 3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 3
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set 3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware 4
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 4
NETEAGLE (3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5) Malpedia NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde) Tool BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 4
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 5
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde) Tool backspace (23398248-a52a-4a7c-af10-262822d33a4e) Malpedia 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 5
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern 5