Skip to content

Hide Navigation Hide TOC

APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)

The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.

Cluster A Galaxy A Cluster B Galaxy B Level
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 1
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 1
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 2
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Obtain/re-use payloads - T1346 (27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 2
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Wi-Fi Networks - T1669 (fde016f6-211a-41c8-a4ab-301f1e419c62) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware 2
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 2
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploitation for Stealth - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 2
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Buy domain name - T1328 (45242287-2964-4a3e-9373-159fad4d8195) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 2
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 2
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) Attack Pattern 2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 3
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e) mitre-tool Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware 3
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 3
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 3
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern 3
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool Winexe (811bdec0-e236-48ae-b27c-1a8fe0bfc3a9) Tool 3
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer (44909efb-7cd3-42e3-b225-9f3e96b5f362) Tool USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern 3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 3
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool Disable or Modify Windows Event Log - T1685.001 (1411e6b8-80a6-4465-9909-54eaa9c67ce0) Attack Pattern 3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia 3
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware 3
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Social Engineering - T1684 (41e4d77a-6275-4976-9e35-785985598519) Attack Pattern Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be) Attack Pattern 3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 3
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 3
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 3
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Coreshell (579cc23d-4ba4-419f-bf8a-f235ed33125e) Malpedia 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 4
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 4
Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 4
OLDBAIT (b79a6b61-f122-4823-a4ab-bbab89fcaf75) Malpedia OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool 4
Disable or Modify Windows Event Log - T1685.001 (1411e6b8-80a6-4465-9909-54eaa9c67ce0) Attack Pattern Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 4
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern 4
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 4
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 4