PHOREAL - S0158 (f6ae7a52-f3b6-4525-9daf-640c083f006e)

PHOREAL is a signature backdoor used by APT32. (Citation: FireEye APT32 May 2017)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | PHOREAL - S0158 (f6ae7a52-f3b6-4525-9daf-640c083f006e) | Malware | 1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | PHOREAL - S0158 (f6ae7a52-f3b6-4525-9daf-640c083f006e) | Malware | 1 |
| Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) | Attack Pattern | PHOREAL - S0158 (f6ae7a52-f3b6-4525-9daf-640c083f006e) | Malware | 1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |