Skip to content

Hide Navigation Hide TOC

Molerats (f7c2e501-73b1-400f-a5d9-2e2e07b7dfde)

In October 2012, malware attacks against Israeli government targets grabbed media attention as officials temporarily cut off Internet access for its entire police force and banned the use of USB memory sticks. Security researchers subsequently linked these attacks to a broader, yearlong campaign that targeted not just Israelis but Palestinians as well. and as discovered later, even the U.S. and UK governments. Further research revealed a connection between these attacks and members of the so-called “Gaza Hackers Team.” We refer to this campaign as “Molerats.”

Cluster A Galaxy A Cluster B Galaxy B Level
Molerats (f7c2e501-73b1-400f-a5d9-2e2e07b7dfde) Threat Actor Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 1
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67) Attack Pattern PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware 3
MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware 3
MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware NeD Worm (eedcf785-d011-4e17-96c4-6ff39138ada0) Tool 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern 4
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) Attack Pattern System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 4
Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia 4
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool 4
Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool 4
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 4
poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia 4
PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia 4
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 4
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor Gh0st Rat (cb8c8253-4024-4cc9-8989-b4a5f95f6c2f) Tool 5
Torn RAT (32a67552-3b31-47bb-8098-078099bbc813) Tool APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor 5
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor Gh0st RAT (255a59a7-db2d-44fc-9ca9-5859b65817c3) RAT 5
Gh0st Rat (cb8c8253-4024-4cc9-8989-b4a5f95f6c2f) Tool APT43 (aac49b4e-74e9-49fa-84f9-e340cf8bafbc) Threat Actor 6
Gh0st RAT (255a59a7-db2d-44fc-9ca9-5859b65817c3) RAT Ghost RAT (225fa6cf-dc9c-4b86-873b-cdf1d9dd3738) Malpedia 6