TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)

TA2541 is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. TA2541 campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.(Citation: Proofpoint TA2541 February 2022)(Citation: Cisco Operation Layover September 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 2
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 2
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern 2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 3
Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 3
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 3
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6) Attack Pattern Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 3