Hide Navigation Hide TOC

APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)

APT-C-36 is a suspected South American threat group that has engaged in espionage and financially motivated operations since at least 2018. APT-C-36 has targeted government institutions and entities in the financial, energy, and professional manufacturing sectors across Colombia and other Latin American countries.(Citation: QiAnXin APT-C-36 Feb2019)(Citation: Kaspersky BlindEagle AUG 2024)(Citation: Check Point Blind Eagle MAR 2025)(Citation: Recorded Future TAG-144 AUG 2025)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365)	Attack Pattern	APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Written Content - T1683.001 (6a6f9892-c46a-46db-b331-c09a99200fcf)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	1
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	1
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	1
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	1
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	1
Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747)	Attack Pattern	APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	1
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	1
Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3)	Attack Pattern	APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Caminho - S9016 (97da6467-c9c5-4eb0-84d4-1234e937e534)	Malware	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Audio-Visual Content - T1683.002 (8f452cb4-cbf4-4522-8b11-448787be95c4)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	1
DCRAT - S9017 (2f481072-e9f8-4452-be00-d1d7e43c2edc)	mitre-tool	APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	1
APT-C-36 - G0099 (c4d50cdf-87ce-407d-86d8-862883485842)	Intrusion Set	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	1
HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	2
HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	2
HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	2
HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	2
HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	2
HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	2
HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
HeartCrypt - S9018 (148f947c-aabd-4ba8-b6a3-22b296855119)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Written Content - T1683.001 (6a6f9892-c46a-46db-b331-c09a99200fcf)	Attack Pattern	Generate Content - T1683 (b512fb8a-18dd-4bfc-bbad-acbaaeb7dde3)	Attack Pattern	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	QuasarRAT - S0262 (da04ac30-27da-4959-a67d-450ce47d9470)	mitre-tool	2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	2
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Remcos - S0332 (7cd0bc75-055b-4098-a00e-83dc8beaff14)	mitre-tool	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Delay Execution - T1678 (a1df809c-7d0e-459f-8fe5-25474bab770b)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	2
PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
PureCrypter - S9019 (6f22487c-dbbf-4a5b-85ca-a8c85e8f2f80)	Malware	Virtual Machine Discovery - T1673 (6bc7f9aa-b91f-4b23-84b8-5e756eba68eb)	Attack Pattern	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Social Engineering - T1684 (41e4d77a-6275-4976-9e35-785985598519)	Attack Pattern	Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be)	Attack Pattern	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	2
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	2
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	2
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3)	Attack Pattern	2
Caminho - S9016 (97da6467-c9c5-4eb0-84d4-1234e937e534)	Malware	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Caminho - S9016 (97da6467-c9c5-4eb0-84d4-1234e937e534)	Malware	2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Caminho - S9016 (97da6467-c9c5-4eb0-84d4-1234e937e534)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Caminho - S9016 (97da6467-c9c5-4eb0-84d4-1234e937e534)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Caminho - S9016 (97da6467-c9c5-4eb0-84d4-1234e937e534)	Malware	2
Caminho - S9016 (97da6467-c9c5-4eb0-84d4-1234e937e534)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Generate Content - T1683 (b512fb8a-18dd-4bfc-bbad-acbaaeb7dde3)	Attack Pattern	Audio-Visual Content - T1683.002 (8f452cb4-cbf4-4522-8b11-448787be95c4)	Attack Pattern	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
DCRAT - S9017 (2f481072-e9f8-4452-be00-d1d7e43c2edc)	mitre-tool	Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	2
DCRAT - S9017 (2f481072-e9f8-4452-be00-d1d7e43c2edc)	mitre-tool	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
DCRAT - S9017 (2f481072-e9f8-4452-be00-d1d7e43c2edc)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	2
DCRAT - S9017 (2f481072-e9f8-4452-be00-d1d7e43c2edc)	mitre-tool	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	3
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	3
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	3
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	3
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452)	Attack Pattern	Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	3
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6)	Attack Pattern	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	3