Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
DDKONG - S0255 (d186c1d6-e3ac-4c3d-a534-9ddfeb8c57bb) |
Malware |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) |
Attack Pattern |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) |
mitre-tool |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) |
Attack Pattern |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) |
mitre-tool |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
PLAINTEE - S0254 (21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b) |
Malware |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
1 |
Rancor - G0075 (f40eb8ce-2a74-4e56-89a1-227021410142) |
Intrusion Set |
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) |
Attack Pattern |
1 |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
2 |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
2 |
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
DDKONG - S0255 (d186c1d6-e3ac-4c3d-a534-9ddfeb8c57bb) |
Malware |
2 |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
DDKONG - S0255 (d186c1d6-e3ac-4c3d-a534-9ddfeb8c57bb) |
Malware |
2 |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
DDKONG - S0255 (d186c1d6-e3ac-4c3d-a534-9ddfeb8c57bb) |
Malware |
2 |
DDKONG - S0255 (d186c1d6-e3ac-4c3d-a534-9ddfeb8c57bb) |
Malware |
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) |
Attack Pattern |
2 |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) |
Attack Pattern |
2 |
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) |
Attack Pattern |
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) |
mitre-tool |
2 |
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) |
Attack Pattern |
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) |
mitre-tool |
2 |
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) |
Attack Pattern |
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) |
mitre-tool |
2 |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
2 |
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) |
Attack Pattern |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
2 |
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) |
mitre-tool |
2 |
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) |
Attack Pattern |
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) |
mitre-tool |
2 |
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) |
mitre-tool |
2 |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) |
mitre-tool |
2 |
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
PLAINTEE - S0254 (21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b) |
Malware |
2 |
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
PLAINTEE - S0254 (21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b) |
Malware |
2 |
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
PLAINTEE - S0254 (21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b) |
Malware |
2 |
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) |
Attack Pattern |
PLAINTEE - S0254 (21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b) |
Malware |
2 |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
PLAINTEE - S0254 (21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b) |
Malware |
2 |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
PLAINTEE - S0254 (21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b) |
Malware |
2 |
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) |
Attack Pattern |
PLAINTEE - S0254 (21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b) |
Malware |
2 |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
PLAINTEE - S0254 (21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b) |
Malware |
2 |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
PLAINTEE - S0254 (21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b) |
Malware |
2 |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
2 |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) |
Attack Pattern |
3 |
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) |
Attack Pattern |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
3 |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) |
Attack Pattern |
3 |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
3 |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
3 |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
3 |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
3 |