H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)

H1N1 is a malware variant that has been distributed via a campaign using VBA macros to infect victims. Although it initially had only loader capabilities, it has evolved to include information-stealing functionality. (Citation: Cisco H1N1 Part 1)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	H1N1 - S0132 (f8dfbc54-b070-4224-b560-79aaa5f835bd)	Malware	1
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452)	Attack Pattern	Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2