Hide Navigation Hide TOC

Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)

Naikon is assessed to be a state-sponsored cyber espionage group attributed to the Chinese People’s Liberation Army’s (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020).(Citation: CameraShy) Active since at least 2010, Naikon has primarily conducted operations against government, military, and civil organizations in Southeast Asia, as well as against international bodies such as the United Nations Development Programme (UNDP) and the Association of Southeast Asian Nations (ASEAN).(Citation: CameraShy)(Citation: Baumgartner Naikon 2015)

While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches.(Citation: Baumgartner Golovkin Naikon 2015)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	1
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	1
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	1
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	1
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	1
Naikon - G0019 (2a158b0a-7ef8-43cb-9985-bf34d1e12050)	Intrusion Set	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	1
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	RARSTONE (5d2dd6ad-6bb2-45d3-b295-e125d3399c8d)	Tool	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
RARSTONE - S0055 (8c553311-0baa-4146-997a-f79acef3d831)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	2
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM (009db412-762d-4256-8df9-eb213be01ffd)	Malpedia	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	2
SslMM - S0058 (2fb26586-2b53-4b9a-ad4f-2b3bcb9a2421)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
WinMM (6a100902-7204-4f20-b838-545ed86d4428)	Malpedia	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	WinMM - S0059 (22addc7b-b39f-483d-979a-1b35147da5de)	Malware	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
Nebulae - S0630 (22b17791-45bf-45c0-9322-ff1a0af5cf2b)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	RainyDay - S0629 (29231689-5837-4a7a-aafc-1b65b3f50cc7)	Malware	2
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	2
Aria-body - S0456 (3161d76a-e2b2-4b97-9906-24909b735386)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	2
HDoor - S0061 (007b44b6-e4c5-480b-b5b9-56f2081b1b7b)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	2
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	Private Cluster (5e0a7cf2-6107-4d5f-9dd0-9df38b1fcba8)	Unknown	2
Naikon (2f1fd017-9df6-4759-91fb-e7039609b5ff)	Threat Actor	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Sys10 (2ae57534-6aac-4025-8d93-888dab112b45)	Malpedia	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Sys10 - S0060 (7f8730af-f683-423f-9ee1-5f6875a80481)	Malware	2
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	3
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	APT30 - G0013 (f047ee18-7985-4946-8bfb-4ed754d3a0dd)	Intrusion Set	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
FLASHFLOOD - S0036 (43213480-78f7-4fb3-976f-d48f5f6a4c2a)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452)	Attack Pattern	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde)	Tool	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
NETEAGLE (3bb8052e-8ed2-48e3-a2cf-7358bae8c6b5)	Malpedia	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	NETEAGLE - S0034 (53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2)	Malware	4
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	4
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
SHIPSHAPE - S0028 (b1de6916-7a22-4460-8d26-6b5483ffaa2a)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
SPACESHIP - S0035 (8b880b41-5139-4807-baa9-309690218719)	Malware	Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	5
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde)	Tool	backspace (23398248-a52a-4a7c-af10-262822d33a4e)	Malpedia	5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	5
Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	5