Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)

Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, Naikon has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015)

While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	1
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	RARSTONE (5d2dd6ad-6bb2-45d3-b295-e125d3399c8d)	Tool	2
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	Private Cluster (5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8)	Unknown	2
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	SslMM (009db412-762d-4256-8df9-eb213be01ffd)	Malpedia	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	2
WinMM (6a100902-7204-4f20-b838-545ed86d4428)	Malpedia	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	2
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	2
HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	Sys10 (2ae57534-6aac-4025-8d93-888dab112b45)	Malpedia	2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	NETEAGLE (3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5)	Malpedia	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	4
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	4
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde)	Tool	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	4
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde)	Tool	backspace (23398248-a52a-4a7c-af10-262822d33a4e)	Malpedia	5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	5
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	5