
PACEMAKER - S1109 (647215dd-29a6-4528-b354-ca8b5e08fca1)

PACEMAKER is a credential stealer that was used by APT5 as early as 2020, including in activity against US Defense Industrial Base (DIB) companies. (Citation: Mandiant Pulse Secure Zero-Day April 2021)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) | Attack Pattern | PACEMAKER - S1109 (647215dd-29a6-4528-b354-ca8b5e08fca1) | Malware | 1 |
| PACEMAKER - S1109 (647215dd-29a6-4528-b354-ca8b5e08fca1) | Malware | Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | 1 |
| PACEMAKER - S1109 (647215dd-29a6-4528-b354-ca8b5e08fca1) | Malware | Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) | Attack Pattern | 1 |
| Ptrace System Calls - T1055.008 (ea016b56-ae0e-47fe-967a-cc0ad51af67f) | Attack Pattern | PACEMAKER - S1109 (647215dd-29a6-4528-b354-ca8b5e08fca1) | Malware | 1 |
| PACEMAKER - S1109 (647215dd-29a6-4528-b354-ca8b5e08fca1) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | PACEMAKER - S1109 (647215dd-29a6-4528-b354-ca8b5e08fca1) | Malware | 1 |
| Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |
| Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) | Attack Pattern | Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | 2 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Ptrace System Calls - T1055.008 (ea016b56-ae0e-47fe-967a-cc0ad51af67f) | Attack Pattern | 2 |
| Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |