| Analytic Story | MITRE ATT&CK Techniques | Tactic |
|---|---|---|
| AcidRain | Data Destruction, File Deletion, Indicator Removal | Impact |
| AgentTesla | Spearphishing Attachment, Phishing | Initial Access |
| Amadey | PowerShell, Command and Scripting Interpreter | Execution |
| AsyncRAT | Spearphishing Attachment, Phishing | Initial Access |
| AwfulShred | Unix Shell, Command and Scripting Interpreter | Execution |
| Azorult | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| BlackByte Ransomware | Windows Service | Persistence |
| BlackMatter Ransomware | Domain Account, Account Discovery | Discovery |
| Brute Ratel C4 | Service Stop | Impact |
| CISA AA23-347A | Windows Management Instrumentation | Execution |
| Caddy Wiper | Disk Structure Wipe, Disk Wipe | Impact |
| Chaos Ransomware | Malicious File, User Execution | Execution |
| Clop Ransomware | System Services, Service Execution | Execution |
| ColdRoot MacOS RAT | None | None |
| Cyclops Blink | Disable or Modify System Firewall, Impair Defenses | Defense Evasion |
| DHS Report TA18-074A | Modify Registry | Defense Evasion |
| DarkCrystal RAT | Phishing, Spearphishing Attachment | Initial Access |
| DarkSide Ransomware | LSASS Memory, OS Credential Dumping | Credential Access |
| Data Destruction | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Double Zero Destructor | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| Dynamic DNS | Exfiltration Over Alternative Protocol | Exfiltration |
| Emotet Malware DHS Report TA18-201A | Spearphishing Attachment, Phishing | Initial Access |
| FIN7 | XSL Script Processing | Defense Evasion |
| Graceful Wipe Out Attack | Service Stop | Impact |
| Hermetic Wiper | Disk Structure Wipe, Disk Wipe | Impact |
| Hidden Cobra Malware | SMB/Windows Admin Shares, Remote Services | Lateral Movement |
| IcedID | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| Industroyer2 | Domain Account, Account Discovery | Discovery |
| LockBit Ransomware | Modify Registry | Defense Evasion |
| Network Discovery | System Network Configuration Discovery | Discovery |
| NjRAT | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Orangeworm Attack Group | Windows Service, Create or Modify System Process | Persistence |
| Phemedrone Stealer | IP Addresses, Gather Victim Network Information | Reconnaissance |
| PlugX | Service Stop | Impact |
| Prestige Ransomware | Windows Management Instrumentation | Execution |
| Qakbot | Windows Management Instrumentation | Execution |
| Ransomware | Remote Access Software | Command And Control |
| Ransomware Cloud | Data Encrypted for Impact | Impact |
| RedLine Stealer | Service Stop | Impact |
| Remcos | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Revil Ransomware | System Binary Proxy Execution, CMSTP | Defense Evasion |
| Rhysida Ransomware | System Binary Proxy Execution, Rundll32 | Defense Evasion |
| Ryuk Ransomware | Windows Command Shell | Execution |
| SamSam Ransomware | Data Encrypted for Impact | Impact |
| Sandworm Tools | System Shutdown/Reboot | Impact |
| Swift Slicer | Data Destruction | Impact |
| SysAid On-Prem Software CVE-2023-47246 Vulnerability | Command and Scripting Interpreter, PowerShell, Ingress Tool Transfer | Execution |
| Trickbot | Command and Scripting Interpreter | Execution |
| Unusual Processes | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Volt Typhoon | Windows Management Instrumentation | Execution |
| Warzone RAT | DLL Side-Loading | Persistence |
| WhisperGate | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Windows File Extension and Association Abuse | Change Default File Association | Privilege Escalation |
| Windows Registry Abuse | Services Registry Permissions Weakness | Persistence |
| Windows Service Abuse | Windows Service, Create or Modify System Process | Persistence |
| Winter Vivern | Screen Capture | Collection |
| XMRig | Windows Service, Create or Modify System Process | Persistence |