Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)

Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, Naikon has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015)

While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)

Cluster A Galaxy A Cluster B Galaxy B Level
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b) Malware Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff) Threat Actor Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 1
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set 1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b) Malware 2
HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) Attack Pattern 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware Sys10 (2ae57534-6aac-4025-8d93-888dab112b45) Malpedia 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 2
RARSTONE (5d2dd6ad-6bb2-45d3-b295-e125d3399c8d) Tool RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware 2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff) Threat Actor Private Cluster (5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8) Unknown 2
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff) Threat Actor APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
SslMM (009db412-762d-4256-8df9-eb213be01ffd) Malpedia SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) Malware 2
WinMM (6a100902-7204-4f20-b838-545ed86d4428) Malpedia WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware 2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware 2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) Malware 2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) Malware 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 2
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 3
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set 3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware 3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set 3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 3
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware NETEAGLE (3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5) Malpedia 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware 4
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde) Tool 4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern 4
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 5
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde) Tool backspace (23398248-a52a-4a7c-af10-262822d33a4e) Malpedia 5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 5
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern 5