| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) |
Attack Pattern |
1 |
| Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
1 |
| Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
1 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) |
Attack Pattern |
1 |
| Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
1 |
| Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) |
Attack Pattern |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
1 |
| Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) |
Attack Pattern |
1 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
1 |
| Confucius - G0142 (6eded342-33e5-4451-b6b2-e1c62863129f) |
Intrusion Set |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
1 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
2 |
| Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) |
Attack Pattern |
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) |
Attack Pattern |
2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) |
Attack Pattern |
Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
2 |
| Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) |
Attack Pattern |
Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
2 |
| Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) |
Attack Pattern |
2 |
| Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) |
Attack Pattern |
2 |
| Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) |
Attack Pattern |
2 |
| Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) |
Attack Pattern |
Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
2 |
| System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) |
Attack Pattern |
Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
2 |
| Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) |
Attack Pattern |
2 |
| Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) |
Attack Pattern |
2 |
| Archive Collected Data - T1532 (e3b936a4-6321-4172-9114-038a866362ec) |
Attack Pattern |
Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
2 |
| Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) |
Attack Pattern |
2 |
| Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) |
Attack Pattern |
2 |
| Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) |
Attack Pattern |
2 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) |
Attack Pattern |
Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
2 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) |
Attack Pattern |
Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
2 |
| Ingress Tool Transfer - T1544 (2bb20118-e6c0-41dc-a07c-283ea4dd0fb8) |
Attack Pattern |
Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
2 |
| Sunbird - S1082 (feae299d-e34f-4fc9-8545-486d0905bd41) |
Malware |
Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) |
Attack Pattern |
2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
2 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) |
Attack Pattern |
2 |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) |
Attack Pattern |
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) |
Attack Pattern |
2 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
2 |
| Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) |
Attack Pattern |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
2 |
| Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) |
Attack Pattern |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
2 |
| Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) |
Attack Pattern |
2 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) |
Attack Pattern |
2 |
| Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) |
Attack Pattern |
2 |
| Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| File and Directory Discovery - T1420 (cf28ca46-1fd3-46b4-b1f6-ec0b72361848) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) |
Attack Pattern |
2 |
| Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) |
Attack Pattern |
Hornbill - S1077 (15d78a95-af6a-4b06-8dae-76bedb0ec5a1) |
Malware |
2 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) |
Attack Pattern |
2 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) |
Attack Pattern |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
2 |
| VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) |
Attack Pattern |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) |
Attack Pattern |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
2 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) |
Attack Pattern |
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) |
Attack Pattern |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) |
Attack Pattern |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) |
Attack Pattern |
2 |
| WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b) |
Malware |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
2 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
2 |
| Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) |
Attack Pattern |
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) |
Attack Pattern |
3 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) |
Attack Pattern |
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) |
Attack Pattern |
3 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) |
Attack Pattern |
Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) |
Attack Pattern |
3 |
| Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) |
Attack Pattern |
Abuse Elevation Control Mechanism - T1626 (08ea902d-ecb5-47ed-a453-2798057bb2d3) |
Attack Pattern |
3 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) |
Attack Pattern |
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) |
Attack Pattern |
3 |
| User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) |
Attack Pattern |
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) |
Attack Pattern |
3 |
| Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) |
Attack Pattern |
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) |
Attack Pattern |
3 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) |
Attack Pattern |
File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) |
Attack Pattern |
3 |
| Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) |
Attack Pattern |
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) |
Attack Pattern |
3 |
| Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) |
Attack Pattern |
System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) |
Attack Pattern |
3 |
| Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) |
Attack Pattern |
System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) |
Attack Pattern |
3 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
3 |
| Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
3 |
| VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
3 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
3 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
3 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) |
Attack Pattern |
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
3 |
| Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
3 |
| Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
3 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
3 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) |
Attack Pattern |
3 |