Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)

Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, Naikon has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015)

While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	1
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	1
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	Private Cluster (5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8)	Unknown	2
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	2
HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Sys10 (2ae57534-6aac-4025-8d93-888dab112b45)	Malpedia	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	RARSTONE (5d2dd6ad-6bb2-45d3-b295-e125d3399c8d)	Tool	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
SslMM (009db412-762d-4256-8df9-eb213be01ffd)	Malpedia	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	WinMM (6a100902-7204-4f20-b838-545ed86d4428)	Malpedia	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	3
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	4
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	NETEAGLE (3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5)	Malpedia	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	4
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde)	Tool	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	5
backspace (23398248-a52a-4a7c-af10-262822d33a4e)	Malpedia	Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde)	Tool	5