Skip to content

Hide Navigation Hide TOC

Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859)

Contagious Interview is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. Contagious Interview targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. (Citation: Validin Contagious Interview North Korea ClickFix January 2025)(Citation: Esentire ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: Datadog Contagious Interview Tenacious Pungsan October 2024)(Citation: Recorded Future Contagious Inteview BeaverTail InvisibleFerret OtterCookie February 2025)(Citation: ESET Contagious Interview BeaverTail InvisibleFerret February 2025)(Citation: Zscaler ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: PaloAlto ContagiousInterview BeaverTail InvisibleFerret November 2023)(Citation: PaloAlto Unit42 ContagiousInterview BeaverTail InvisibileFerret October 2024)

Cluster A Galaxy A Cluster B Galaxy B Level
Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Audio-Visual Content - T1683.002 (8f452cb4-cbf4-4522-8b11-448787be95c4) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 1
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 1
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3) Attack Pattern 1
Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Written Content - T1683.001 (6a6f9892-c46a-46db-b331-c09a99200fcf) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern 1
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be) Attack Pattern 1
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 1
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6) Attack Pattern 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 1
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 1
Search Threat Vendor Data - T1681 (63b24abc-5702-4745-b1e4-ac70b20a43f2) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 1
Contagious Interview - G1052 (46599a4a-77ee-4697-9474-2683b6464859) Intrusion Set Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 1
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 2
Generate Content - T1683 (b512fb8a-18dd-4bfc-bbad-acbaaeb7dde3) Attack Pattern Audio-Visual Content - T1683.002 (8f452cb4-cbf4-4522-8b11-448787be95c4) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern Social Media - T1593.001 (bbe5b322-e2af-4a5e-9625-a4e62bf84ed3) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) Attack Pattern 2
Written Content - T1683.001 (6a6f9892-c46a-46db-b331-c09a99200fcf) Attack Pattern Generate Content - T1683 (b512fb8a-18dd-4bfc-bbad-acbaaeb7dde3) Attack Pattern 2
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 2
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022) Attack Pattern 2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Social Engineering - T1684 (41e4d77a-6275-4976-9e35-785985598519) Attack Pattern Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be) Attack Pattern 2
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
XORIndex Loader - S1248 (fedd9fcd-1f9c-4be0-9d84-f31e88eb6664) Malware System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware 2
HexEval Loader - S1249 (3d7048f1-012e-468c-a18b-1bf98037d62c) Malware System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 2
Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Selective Exclusion - T1679 (9b00925a-7c4b-4e53-bfc8-9a6a806fde03) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware 2
InvisibleFerret - S1245 (1dac60f2-7d53-4a3e-95d1-cb2e875d5491) Malware Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Log Enumeration - T1654 (866d0d6d-02c6-42bd-aa2f-02907fdc0969) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
BeaverTail - S1246 (6055aee2-d1c6-4877-94e9-a3bde9936470) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720) Attack Pattern Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 3