Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)

Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, Naikon has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015)

While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)

The rows below are the relationships recorded for this cluster, one per row. Level is the hop distance from Naikon: 1 marks a direct relationship of the Naikon intrusion set, 2 a relationship of a cluster that itself appears at level 1 (for example Aria-body's own techniques, or a sub-technique's parent), and 3 and 4 one and two hops further out (the APT30 tooling reached through the Naikon threat-actor cluster).

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b) | Malware | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) | Malware | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) | mitre-tool | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff) | Threat Actor | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) | Malware | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | 1 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) | mitre-tool | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) | Attack Pattern | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) | mitre-tool | 1 |
| Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) | mitre-tool | Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) | mitre-tool | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) | Malware | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 1 |
| Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050) | Intrusion Set | System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | 1 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) | Attack Pattern | 2 |
| Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386) | Malware | 2 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) | Attack Pattern | 2 |
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b) | Malware | 2 |
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) | Attack Pattern | HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b) | Malware | 2 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) | Malware | 2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) | Malware | 2 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) | Malware | 2 |
| Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) | Malware | 2 |
| Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) | Malware | Sys10 (2ae57534-6aac-4025-8d93-888dab112b45) | Malpedia | 2 |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) | Malware | 2 |
| Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481) | Malware | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 2 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) | mitre-tool | 2 |
| netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) | mitre-tool | Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) | Attack Pattern | 2 |
| Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) | Attack Pattern | netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) | mitre-tool | 2 |
| netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) | mitre-tool | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 2 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 2 |
| Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff) | Threat Actor | Private Cluster (5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8) | Unknown | 2 |
| Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff) | Threat Actor | APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) | Intrusion Set | 2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 2 |
| RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 2 |
| Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) | Attack Pattern | RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) | Malware | 2 |
| RARSTONE (5d2dd6ad-6bb2-45d3-b295-e125d3399c8d) | Tool | RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) | Malware | 2 |
| Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) | Attack Pattern | RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) | Malware | 2 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831) | Malware | 2 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) | Attack Pattern | 2 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) | Attack Pattern | 2 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) | Tool | 2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | 2 |
| Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) | Attack Pattern | PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | 2 |
| SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) | Attack Pattern | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) | Attack Pattern | 2 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) | Attack Pattern | 2 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) | Attack Pattern | Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) | Attack Pattern | 2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | 2 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | 2 |
| Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | 2 |
| System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) | mitre-tool | 2 |
| Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) | mitre-tool | Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | 2 |
| Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) | mitre-tool | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 2 |
| SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 2 |
| SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | 2 |
| SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 2 |
| SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) | Attack Pattern | 2 |
| Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | 2 |
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | 2 |
| SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | SslMM (009db412-762d-4256-8df9-eb213be01ffd) | Malpedia | 2 |
| SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) | Attack Pattern | 2 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | 2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421) | Malware | 2 |
| Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) | Attack Pattern | Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | 2 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) | mitre-tool | 2 |
| ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) | mitre-tool | Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) | Attack Pattern | 2 |
| ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) | mitre-tool | Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) | Attack Pattern | 2 |
| Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) | mitre-tool | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 2 |
| Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) | mitre-tool | Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) | Attack Pattern | 2 |
| WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) | Malware | Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | 2 |
| WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 2 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) | Malware | 2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) | Malware | 2 |
| WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 2 |
| WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) | Malware | WinMM (6a100902-7204-4f20-b838-545ed86d4428) | Malpedia | 2 |
| WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de) | Malware | Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) | Attack Pattern | 2 |
| Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 2 |
| Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |
| Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b) | Malware | 2 |
| Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) | Attack Pattern | 2 |
| Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 2 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7) | Malware | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 3 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 3 |
| Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) | Attack Pattern | 3 |
| Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) | Attack Pattern | Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) | Attack Pattern | 3 |
| Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) | Attack Pattern | Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | 3 |
| Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) | Attack Pattern | Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | 3 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) | Attack Pattern | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 3 |
| Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | 3 |
| Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 3 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) | Attack Pattern | 3 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) | Intrusion Set | 3 |
| APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) | Intrusion Set | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 3 |
| FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) | Malware | APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) | Intrusion Set | 3 |
| NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) | Malware | APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) | Intrusion Set | 3 |
| APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) | Intrusion Set | SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) | Malware | 3 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) | Intrusion Set | 3 |
| APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd) | Intrusion Set | SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) | Malware | 3 |
| System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) | Attack Pattern | Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) | Attack Pattern | 3 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | 3 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) | Attack Pattern | Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) | Attack Pattern | 3 |
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | 3 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | 3 |
| Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | 3 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) | Attack Pattern | 3 |
| Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | 3 |
| Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) | Attack Pattern | Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | 3 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) | Attack Pattern | Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) | Attack Pattern | 3 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) | Attack Pattern | 3 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | 3 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) | Attack Pattern | Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | 3 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 3 |
| Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) | Attack Pattern | 3 |
| Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) | Attack Pattern | Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) | Attack Pattern | 3 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 3 |
| Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) | Attack Pattern | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 3 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde) | Tool | 4 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 4 |
| Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) | Attack Pattern | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 4 |
| BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 4 |
| Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) | Attack Pattern | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 4 |
| Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) | Attack Pattern | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 4 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 4 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 4 |
| Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) | Attack Pattern | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 4 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) | Malware | 4 |
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware NETEAGLE (3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5) Malpedia 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware 4
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a) Malware 4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware 4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719) Malware Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern 4
backspace (23398248-a52a-4a7c-af10-262822d33a4e) Malpedia Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde) Tool 5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 5
Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern 5