TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)

TERRACOTTA is an ad fraud botnet that has been capable of generating over 2 billion fraudulent requests per week.(Citation: WhiteOps TERRACOTTA)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee)	Attack Pattern	TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	1
Scheduled Task/Job - T1603 (00290ac5-551e-44aa-bbd8-c4b913488a6d)	Attack Pattern	TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	1
TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	Native API - T1575 (52eff1c7-dd30-4121-b762-24ae6fa61bbb)	Attack Pattern	1
TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	1
TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	Generate Traffic from Victim - T1643 (a8e971b8-8dc7-4514-8249-ae95427ec467)	Attack Pattern	1
TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6)	Attack Pattern	1
Foreground Persistence - T1541 (648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e)	Attack Pattern	TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	1
TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	1
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	1
TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62)	Attack Pattern	1
Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d)	Attack Pattern	TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	1
TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b)	Attack Pattern	1
TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9)	Attack Pattern	1
TERRACOTTA - S0545 (e296b110-46d3-4f7a-894c-cc71ea50168c)	Malware	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	1
Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee)	Attack Pattern	Web Service - T1481 (c6a146ae-9c63-4606-97ff-e261e76e8380)	Attack Pattern	2
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	2
Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d)	Attack Pattern	System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	2
Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9)	Attack Pattern	Event Triggered Execution - T1624 (d446b9f0-06a9-4a8d-97ee-298cfee84f14)	Attack Pattern	2