CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) | Attack Pattern | 1 |
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) | Attack Pattern | 1 |
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) | Attack Pattern | CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) | Attack Pattern | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) | Attack Pattern | 1 |
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) | Attack Pattern | 1 |
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) | Attack Pattern | CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | 1 |
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) | Attack Pattern | 1 |
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) | Attack Pattern | CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 1 |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) | Malware | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 1 |
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 2 |
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 2 |
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) | Attack Pattern | 2 |
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) | Attack Pattern | Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) | Attack Pattern | 2 |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) | Attack Pattern | Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | 2 |
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 2 |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | 2 |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 2 |