Malware

| Name | Technique | Tactic |
|---|---|---|
| BlackMatter Ransomware | Data Encrypted for Impact | Impact |
| Clop Ransomware | Indicator Removal on Host, Clear Windows Event Logs | Defense Evasion |
| ColdRoot MacOS RAT | None | None |
| DHS Report TA18-074A | Modify Registry | Defense Evasion |
| DarkSide Ransomware | Bypass User Account Control, Abuse Elevation Control Mechanism | Privilege Escalation |
| Dynamic DNS | Exfiltration Over Alternative Protocol | Exfiltration |
| Emotet Malware DHS Report TA18-201A | Spearphishing Attachment, Phishing | Initial Access |
| FIN7 | XSL Script Processing | Defense Evasion |
| Hidden Cobra Malware | SMB/Windows Admin Shares, Remote Services | Lateral Movement |
| IcedID | Scheduled Task | Execution |
| Orangeworm Attack Group | Windows Service, Create or Modify System Process | Persistence |
| Ransomware | Indicator Removal on Host, Clear Windows Event Logs | Defense Evasion |
| Ransomware Cloud | Data Encrypted for Impact | Impact |
| Remcos | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Revil Ransomware | Signed Binary Proxy Execution, CMSTP | Defense Evasion |
| Ryuk Ransomware | Service Stop | Impact |
| SamSam Ransomware | Data Encrypted for Impact | Impact |
| Trickbot | Remote Services, SMB/Windows Admin Shares | Lateral Movement |
| Unusual Processes | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Windows File Extension and Association Abuse | Masquerading, Rename System Utilities | Defense Evasion |
| Windows Service Abuse | Windows Service, Create or Modify System Process | Persistence |
| XMRig | Windows Service, Create or Modify System Process | Persistence |