Agent.btz - S0092 (40d3e230-ed32-469f-ba89-be70cc08ab39)

Agent.btz is a worm that primarily spreads itself via removable devices such as USB drives. It reportedly infected U.S. military networks in 2008. (Citation: Securelist Agent.btz)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Agent.btz - S0092 (40d3e230-ed32-469f-ba89-be70cc08ab39)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	1
Agent.btz - S0092 (40d3e230-ed32-469f-ba89-be70cc08ab39)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	1
Agent.btz - S0092 (40d3e230-ed32-469f-ba89-be70cc08ab39)	Malware	Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	1
Agent.btz - S0092 (40d3e230-ed32-469f-ba89-be70cc08ab39)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
Agent.btz - S0092 (40d3e230-ed32-469f-ba89-be70cc08ab39)	Malware	Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	1
Agent.btz - S0092 (40d3e230-ed32-469f-ba89-be70cc08ab39)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	1
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	2