Skip to content

Hide Navigation Hide TOC

Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)

Contagious Interview is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. Contagious Interview targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. (Citation: Validin Contagious Interview North Korea ClickFix January 2025)(Citation: Esentire ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: Datadog Contagious Interview Tenacious Pungsan October 2024)(Citation: Recorded Future Contagious Inteview BeaverTail InvisibleFerret OtterCookie February 2025)(Citation: ESET Contagious Interview BeaverTail InvisibleFerret February 2025)(Citation: Zscaler ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: PaloAlto ContagiousInterview BeaverTail InvisibleFerret November 2023)(Citation: PaloAlto Unit42 ContagiousInterview BeaverTail InvisibileFerret October 2024)

Cluster A Galaxy A Cluster B Galaxy B Level
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Search Threat Vendor Data - T1681 (63b24abc-5702-4745-b1e4-ac70b20a43f2) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Audio-Visual Content - T1683.002 (8f452cb4-cbf4-4522-8b11-448787be95c4) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 1
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 1
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Written Content - T1683.001 (6a6f9892-c46a-46db-b331-c09a99200fcf) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 1
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 2
Generate Content - T1683 (b512fb8a-18dd-4bfc-bbad-acbaaeb7dde3) Attack Pattern Audio-Visual Content - T1683.002 (8f452cb4-cbf4-4522-8b11-448787be95c4) Attack Pattern 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3) Attack Pattern Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 2
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Written Content - T1683.001 (6a6f9892-c46a-46db-b331-c09a99200fcf) Attack Pattern Generate Content - T1683 (b512fb8a-18dd-4bfc-bbad-acbaaeb7dde3) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022) Attack Pattern Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern 2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Social Engineering - T1684 (41e4d77a-6275-4976-9e35-785985598519) Attack Pattern Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Selective Exclusion - T1679 (9b00925a-7c4b-4e53-bfc8-9a6a806fde03) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Log Enumeration - T1654 (866d0d6d-02c6-42bd-aa2f-02907fdc0969) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720) Attack Pattern 3
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 3