Skip to content

Hide Navigation Hide TOC

TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)

TA2541 is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. TA2541 campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.(Citation: Proofpoint TA2541 February 2022)(Citation: Cisco Operation Layover September 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 1
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 1
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set 1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool 2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9) mitre-tool Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab) Malware 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945) Malware 2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326) Malware 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c) Malware 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware 2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 3
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) Attack Pattern 3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern 3