Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d)

Apostle is malware that has functioned as both a wiper and, in more recent versions, as ransomware. Apostle is written in .NET and shares various programming and functional overlaps with IPsec Helper.(Citation: SentinelOne Agrius 2021)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d) | Malware | 1 |
| Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 1 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d) | Malware | 1 |
| System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) | Attack Pattern | Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d) | Malware | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d) | Malware | 1 |
| Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) | Attack Pattern | Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d) | Malware | 1 |
| Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d) | Malware | Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) | Attack Pattern | 1 |
| Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) | Attack Pattern | Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d) | Malware | 1 |
| Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) | Attack Pattern | Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d) | Malware | 1 |
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | Apostle - S1133 (48d96fa0-d027-45aa-a8c3-5d09f65d596d) | Malware | 1 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) | Attack Pattern | 2 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 2 |
| Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) | Attack Pattern | Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) | Attack Pattern | 2 |
| Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) | Attack Pattern | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 2 |