Skip to content

Hide Navigation Hide TOC

Gamaredon Group (1a77e156-76bc-43f5-bdd7-bd67f30fbbbb)

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities.

Cluster A Galaxy A Cluster B Galaxy B Level
Gamaredon Group (1a77e156-76bc-43f5-bdd7-bd67f30fbbbb) Threat Actor Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 1
Gamaredon Group (1a77e156-76bc-43f5-bdd7-bd67f30fbbbb) Threat Actor Aqua Blizzard (fc77a775-d06f-5efc-a6fa-0b2af01902a7) Microsoft Activity Group actor 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 2
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set PowerPunch - S0685 (d52291b4-bb23-45a8-aef0-3dc7e986ba15) Malware 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 2
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set QuietSieve - S0686 (03eb4a05-6a02-43f6-afb7-3c7835501828) Malware 2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Gamaredon Group - G0047 (2e290bfe-93b5-48ce-97d6-edcd6d32b7cf) Intrusion Set Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 3
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64) Attack Pattern Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 3
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6) Attack Pattern Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 3
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern PowerPunch - S0685 (d52291b4-bb23-45a8-aef0-3dc7e986ba15) Malware 3
PowerPunch - S0685 (d52291b4-bb23-45a8-aef0-3dc7e986ba15) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
PowerPunch - S0685 (d52291b4-bb23-45a8-aef0-3dc7e986ba15) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
PowerPunch - S0685 (d52291b4-bb23-45a8-aef0-3dc7e986ba15) Malware Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) Attack Pattern 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Pteranodon (d5138738-846e-4466-830c-cd2bb6ad09cf) Malpedia Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Pteranodon - S0147 (5f9f7648-04ba-4a9f-bb4c-2a13e74572bd) Malware 3
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern 3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern QuietSieve - S0686 (03eb4a05-6a02-43f6-afb7-3c7835501828) Malware 3
QuietSieve - S0686 (03eb4a05-6a02-43f6-afb7-3c7835501828) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
QuietSieve - S0686 (03eb4a05-6a02-43f6-afb7-3c7835501828) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern QuietSieve - S0686 (03eb4a05-6a02-43f6-afb7-3c7835501828) Malware 3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern QuietSieve - S0686 (03eb4a05-6a02-43f6-afb7-3c7835501828) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern QuietSieve - S0686 (03eb4a05-6a02-43f6-afb7-3c7835501828) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern QuietSieve - S0686 (03eb4a05-6a02-43f6-afb7-3c7835501828) Malware 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern QuietSieve - S0686 (03eb4a05-6a02-43f6-afb7-3c7835501828) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern QuietSieve - S0686 (03eb4a05-6a02-43f6-afb7-3c7835501828) Malware 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 3
Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) Attack Pattern Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 4
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4