H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)

H1N1 is a malware variant that has been distributed via a campaign using VBA macros to infect victims. Although it initially had only loader capabilities, it has evolved to include information-stealing functionality. (Citation: Cisco H1N1 Part 1)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2