Skip to content

Hide Navigation Hide TOC

TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)

TA2541 is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. TA2541 campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.(Citation: Proofpoint TA2541 February 2022)(Citation: Cisco Operation Layover September 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 1
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 1
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6) Attack Pattern 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6) Attack Pattern Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 3
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3