Hide Navigation Hide TOC

Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)

Contagious Interview is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. Contagious Interview targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. (Citation: Validin Contagious Interview North Korea ClickFix January 2025)(Citation: Esentire ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: Datadog Contagious Interview Tenacious Pungsan October 2024)(Citation: Recorded Future Contagious Inteview BeaverTail InvisibleFerret OtterCookie February 2025)(Citation: ESET Contagious Interview BeaverTail InvisibleFerret February 2025)(Citation: Zscaler ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: PaloAlto ContagiousInterview BeaverTail InvisibleFerret November 2023)(Citation: PaloAlto Unit42 ContagiousInterview BeaverTail InvisibileFerret October 2024)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Search Threat Vendor Data - T1681 (63b24abc-5702-4745-b1e4-ac70b20a43f2)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	1
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Impersonation - T1656 (c9e0c59e-162e-40a4-b8b1-78fab4329ada)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	1
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022)	Attack Pattern	1
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	1
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	1
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	1
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032)	Attack Pattern	1
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6)	Attack Pattern	1
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	1
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	1
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf)	Attack Pattern	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	1
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)	Intrusion Set	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	1
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	2
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	2
Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3)	Attack Pattern	Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	2
Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365)	Attack Pattern	Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022)	Attack Pattern	2
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	2
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Selective Exclusion - T1679 (9b00925a-7c4b-4e53-bfc8-9a6a806fde03)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Log Enumeration - T1654 (866d0d6d-02c6-42bd-aa2f-02907fdc0969)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032)	Attack Pattern	2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	2
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	2
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	3
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720)	Attack Pattern	3