Skip to content

Hide Navigation Hide TOC

APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)

The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.

Cluster A Galaxy A Cluster B Galaxy B Level
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 1
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Buy domain name - T1328 (45242287-2964-4a3e-9373-159fad4d8195) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Obtain/re-use payloads - T1346 (27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Wi-Fi Networks - T1669 (fde016f6-211a-41c8-a4ab-301f1e419c62) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 3
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 3
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 3
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 3
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e) mitre-tool 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern 3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool 3
XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool 3
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool Winexe (811bdec0-e236-48ae-b27c-1a8fe0bfc3a9) Tool 3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern 3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 3
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 3
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 3
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 3
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware USBStealer (44909efb-7cd3-42e3-b225-9f3e96b5f362) Tool 3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 4
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern 4
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool 4
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 4
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Coreshell (579cc23d-4ba4-419f-bf8a-f235ed33125e) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern 4
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 4
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern 4
OLDBAIT (b79a6b61-f122-4823-a4ab-bbab89fcaf75) Malpedia OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 4
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia 4