Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)

Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, Naikon has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015)

While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	1
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	1
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	1
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	1
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	1
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM (009db412-762d-4256-8df9-eb213be01ffd)	Malpedia	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	WinMM (6a100902-7204-4f20-b838-545ed86d4428)	Malpedia	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	Private Cluster (5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8)	Unknown	2
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	2
HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	2
RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	Sys10 (2ae57534-6aac-4025-8d93-888dab112b45)	Malpedia	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	RARSTONE (5d2dd6ad-6bb2-45d3-b295-e125d3399c8d)	Tool	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	3
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	4
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde)	Tool	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
NETEAGLE (3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5)	Malpedia	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
backspace (23398248-a52a-4a7c-af10-262822d33a4e)	Malpedia	Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde)	Tool	5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	5
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5