Skip to content

Hide Navigation Hide TOC

APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662)

APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. (Citation: Mandiant APT1)

Cluster A Galaxy A Cluster B Galaxy B Level
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Acquire and/or use 3rd party software services - T1330 (488da8ed-2887-4ef6-a39a-5b69bc6682c6) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Obtain/re-use payloads - T1346 (27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set APT1 (1cb7e1cc-d695-42b1-92f4-fd0112a3c9be) Threat Actor 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set WEBC2 - S0109 (1d808f62-cf63-4063-9727-ff6132514c22) Malware 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Domain registration hijacking - T1326 (aadaee0d-794c-4642-8293-7ec22a99fb1a) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Compromise 3rd party infrastructure to support delivery - T1312 (4900fabf-1142-4c1f-92f5-0b590e049077) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Dynamic DNS - T1333 (54eb2bab-125f-4d1c-b999-0c692860bafe) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set CALENDAR - S0025 (5a84dc36-df0d-4053-9b7c-f0c388a57283) Malware 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set GLOOXMAIL - S0026 (f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2) Malware 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Lslsass - S0121 (2fab555f-7664-4623-b4e0-1675ae38190b) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Cachedump - S0119 (c9cd7ec9-40b7-49db-80be-1399eddd9c52) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Pass-The-Hash Toolkit - S0122 (a52edc76-328d-4596-85e7-d56ef5a9eb69) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set xCmd - S0123 (4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set pwdump - S0006 (9de2308e-7bed-43a3-8e58-f194b3586700) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set gsecdump - S0008 (b07c2c47-fefb-4d7c-a69e-6a3296171f54) mitre-tool 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 1
APT1 - G0006 (6a2e693f-24e5-451a-9f88-b36a108e5662) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 1
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Acquire and/or use 3rd party software services - T1308 (1a295f87-af63-4d94-b130-039d6221fb11) Attack Pattern Acquire and/or use 3rd party software services - T1330 (488da8ed-2887-4ef6-a39a-5b69bc6682c6) Attack Pattern 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern WEBC2 - S0109 (1d808f62-cf63-4063-9727-ff6132514c22) Malware 2
WEBC2 - S0109 (1d808f62-cf63-4063-9727-ff6132514c22) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
WEBC2 - S0109 (1d808f62-cf63-4063-9727-ff6132514c22) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
WEBC2 - S0109 (1d808f62-cf63-4063-9727-ff6132514c22) Malware WEBC2 (b5be84b7-bf2c-40d0-85a9-14c040881a98) Tool 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware 2
Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Seasalt - S0345 (b45747dc-87ca-4597-a245-7e16a61bc491) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Compromise 3rd party infrastructure to support delivery - T1334 (e51398e6-53dc-4e9f-a323-e54683d8672b) Attack Pattern Compromise 3rd party infrastructure to support delivery - T1312 (4900fabf-1142-4c1f-92f5-0b590e049077) Attack Pattern 2
Dynamic DNS - T1311 (20a66013-8dab-4ca3-a67d-766c842c561c) Attack Pattern Dynamic DNS - T1333 (54eb2bab-125f-4d1c-b999-0c692860bafe) Attack Pattern 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern CALENDAR - S0025 (5a84dc36-df0d-4053-9b7c-f0c388a57283) Malware 2
CALENDAR (e2c18713-0a95-4092-a0e9-76358512daad) Tool CALENDAR - S0025 (5a84dc36-df0d-4053-9b7c-f0c388a57283) Malware 2
CALENDAR - S0025 (5a84dc36-df0d-4053-9b7c-f0c388a57283) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 2
Publish/Subscribe Protocols - T1071.005 (241f9ea8-f6ae-4f38-92f5-cef5b7e539dd) Attack Pattern GLOOXMAIL - S0026 (f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2) Malware 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern GLOOXMAIL - S0026 (f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2) Malware 2
GLOOXMAIL (a379f09b-5cec-4bdb-9735-125cef2de073) Tool GLOOXMAIL - S0026 (f2e8c7a1-cae1-45c4-baf0-6f21bdcbb2c2) Malware 2
Lslsass - S0121 (2fab555f-7664-4623-b4e0-1675ae38190b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Cachedump - S0119 (c9cd7ec9-40b7-49db-80be-1399eddd9c52) mitre-tool Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Pass-The-Hash Toolkit - S0122 (a52edc76-328d-4596-85e7-d56ef5a9eb69) mitre-tool 2
xCmd - S0123 (4fa49fc0-9162-4bdb-a37e-7aa3dcb6d38b) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware 2
BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware 2
BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware 2
BISCUIT (f1e05a12-ca50-41ab-a963-d7df5bcb141d) Tool BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern BISCUIT - S0017 (b8eb28e4-48a6-40ae-951a-328714f75eda) Malware 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
pwdump - S0006 (9de2308e-7bed-43a3-8e58-f194b3586700) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
gsecdump (8410d208-7450-407d-b56c-e5c1ced19632) Malpedia gsecdump - S0008 (b07c2c47-fefb-4d7c-a69e-6a3296171f54) mitre-tool 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern gsecdump - S0008 (b07c2c47-fefb-4d7c-a69e-6a3296171f54) mitre-tool 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern gsecdump - S0008 (b07c2c47-fefb-4d7c-a69e-6a3296171f54) mitre-tool 2
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 3
PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor 3
Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 3
Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool 3
Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor 3
Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia 3
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 3
Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool 3
Publish/Subscribe Protocols - T1071.005 (241f9ea8-f6ae-4f38-92f5-cef5b7e539dd) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
GLOOXMAIL (a379f09b-5cec-4bdb-9735-125cef2de073) Tool GlooxMail (18208674-fe8c-447f-9e1d-9ff9a64b2370) Malpedia 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
BISCUIT (f1e05a12-ca50-41ab-a963-d7df5bcb141d) Tool Biscuit (f98b4092-5f32-407c-9015-2da787d70c64) Malpedia 3
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor Gh0st RAT (255a59a7-db2d-44fc-9ca9-5859b65817c3) RAT 4
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor Gh0st Rat (cb8c8253-4024-4cc9-8989-b4a5f95f6c2f) Tool 4
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor Torn RAT (32a67552-3b31-47bb-8098-078099bbc813) Tool 4
Gh0st RAT (255a59a7-db2d-44fc-9ca9-5859b65817c3) RAT Ghost RAT (225fa6cf-dc9c-4b86-873b-cdf1d9dd3738) Malpedia 5
APT43 (aac49b4e-74e9-49fa-84f9-e340cf8bafbc) Threat Actor Gh0st Rat (cb8c8253-4024-4cc9-8989-b4a5f95f6c2f) Tool 5