<<< Hide Navigation Hide TOC >>>

Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)

Covenant is a multi-platform command and control framework written in .NET. While designed for penetration testing and security research, the tool has also been used by threat actors such as HAFNIUM during operations. Covenant functions through a central listener managing multiple deployed "Grunts" that communicate back to the controller.(Citation: Github Covenant)(Citation: Microsoft HAFNIUM March 2020)

Rows: 17

Loading extensions...

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Attack Pattern mitre-tool		Clear Attack Pattern mitre-tool	Clear 1 2
InstallUtil - T1218.004 (2cd950a6-16c4-404a-aa01-044322395107)	Attack Pattern	Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)	mitre-tool	1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)	mitre-tool	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)	mitre-tool	1
Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	1
Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)	mitre-tool	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)	mitre-tool	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)	mitre-tool	1
Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	1
Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)	mitre-tool	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	1
Covenant - S1155 (05fb53c8-e2ac-4e17-a0c9-a0825e1198bf)	mitre-tool	Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	1
InstallUtil - T1218.004 (2cd950a6-16c4-404a-aa01-044322395107)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	2