| Linked Devices - T1676 (a126c117-54e4-4b93-9e4f-72cc964e6760) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) |
Attack Pattern |
1 |
| Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) |
Attack Pattern |
1 |
| Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Spica - S1140 (824a230d-0f6a-4fd0-99df-8d464db2265e) |
Malware |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) |
Attack Pattern |
1 |
| Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) |
Attack Pattern |
1 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) |
Attack Pattern |
Star Blizzard - G1033 (9b36c218-4d80-4ec6-a68d-cc2886bbe410) |
Intrusion Set |
1 |
| Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) |
Attack Pattern |
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) |
Attack Pattern |
2 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) |
Attack Pattern |
2 |
| Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) |
Attack Pattern |
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) |
Attack Pattern |
2 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) |
Attack Pattern |
2 |
| Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) |
Attack Pattern |
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) |
Attack Pattern |
2 |
| Spica - S1140 (824a230d-0f6a-4fd0-99df-8d464db2265e) |
Malware |
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
2 |
| Spica - S1140 (824a230d-0f6a-4fd0-99df-8d464db2265e) |
Malware |
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
2 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
Spica - S1140 (824a230d-0f6a-4fd0-99df-8d464db2265e) |
Malware |
2 |
| Spica - S1140 (824a230d-0f6a-4fd0-99df-8d464db2265e) |
Malware |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
2 |
| Spica - S1140 (824a230d-0f6a-4fd0-99df-8d464db2265e) |
Malware |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
2 |
| Spica - S1140 (824a230d-0f6a-4fd0-99df-8d464db2265e) |
Malware |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
2 |
| Spica - S1140 (824a230d-0f6a-4fd0-99df-8d464db2265e) |
Malware |
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) |
Attack Pattern |
2 |
| Spica - S1140 (824a230d-0f6a-4fd0-99df-8d464db2265e) |
Malware |
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) |
Attack Pattern |
2 |
| Spica - S1140 (824a230d-0f6a-4fd0-99df-8d464db2265e) |
Malware |
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) |
Attack Pattern |
2 |
| Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) |
Attack Pattern |
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) |
Attack Pattern |
2 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
2 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
2 |
| Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) |
Attack Pattern |
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) |
Attack Pattern |
2 |
| Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) |
Attack Pattern |
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) |
Attack Pattern |
2 |
| JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
| Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) |
Attack Pattern |
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
2 |
| Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) |
Attack Pattern |
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) |
Attack Pattern |
2 |
| Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) |
Attack Pattern |
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) |
Attack Pattern |
2 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
3 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
3 |
| Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) |
Attack Pattern |
3 |