TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)

TA2541 is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. TA2541 campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel. (Citation: Proofpoint TA2541 February 2022) (Citation: Cisco Operation Layover September 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 1
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6) Attack Pattern Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern 3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 3
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) Attack Pattern 3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 3
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern 3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3