Hannotog - S1211 (273e2b53-64ec-48be-9ad9-8f3dc0e53718)

Hannotog is a type of backdoor malware uniquely associated with Lotus Blossom operations since at least 2022.(Citation: Symantec Bilbug 2022)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Hannotog - S1211 (273e2b53-64ec-48be-9ad9-8f3dc0e53718) | Malware | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 1 |
| Hannotog - S1211 (273e2b53-64ec-48be-9ad9-8f3dc0e53718) | Malware | Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | 1 |
| Hannotog - S1211 (273e2b53-64ec-48be-9ad9-8f3dc0e53718) | Malware | Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) | Attack Pattern | 1 |
| Hannotog - S1211 (273e2b53-64ec-48be-9ad9-8f3dc0e53718) | Malware | Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) | Attack Pattern | 1 |
| Hannotog - S1211 (273e2b53-64ec-48be-9ad9-8f3dc0e53718) | Malware | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |
| Hannotog - S1211 (273e2b53-64ec-48be-9ad9-8f3dc0e53718) | Malware | Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) | Attack Pattern | 1 |
| Hannotog - S1211 (273e2b53-64ec-48be-9ad9-8f3dc0e53718) | Malware | Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) | Attack Pattern | 1 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | 2 |