Malware

Name Technique Tactic
AcidRain Data Destruction, File Deletion, Indicator Removal Impact
AgentTesla Spearphishing Attachment, Phishing Initial Access
Amadey PowerShell, Command and Scripting Interpreter Execution
AsyncRAT Spearphishing Attachment, Phishing Initial Access
AwfulShred Unix Shell, Command and Scripting Interpreter Execution
Azorult Disable or Modify Tools, Impair Defenses Defense Evasion
BlackByte Ransomware Windows Service Persistence
BlackMatter Ransomware Data Encrypted for Impact Impact
Brute Ratel C4 Service Stop Impact
CISA AA23-347A Windows Management Instrumentation Execution
Caddy Wiper Disk Structure Wipe, Disk Wipe Impact
Chaos Ransomware Malicious File, User Execution Execution
Clop Ransomware System Services, Service Execution Execution
ColdRoot MacOS RAT None None
CyclopsBLink Disable or Modify System Firewall, Impair Defenses Defense Evasion
DHS Report TA18-074A Modify Registry Defense Evasion
DarkCrystal RAT Phishing, Spearphishing Attachment Initial Access
DarkSide Ransomware LSASS Memory, OS Credential Dumping Credential Access
Data Destruction Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation Defense Evasion
Double Zero Destructor Disable or Modify Tools, Impair Defenses Defense Evasion
Dynamic DNS Exfiltration Over Alternative Protocol Exfiltration
Emotet Malware DHS Report TA18-201A Spearphishing Attachment, Phishing Initial Access
FIN7 XSL Script Processing Defense Evasion
Graceful Wipe Out Attack Service Stop Impact
Hermetic Wiper Disk Structure Wipe, Disk Wipe Impact
Hidden Cobra Malware SMB/Windows Admin Shares, Remote Services Lateral Movement
IcedID Disable or Modify Tools, Impair Defenses Defense Evasion
Industroyer2 Domain Account, Account Discovery Discovery
LockBit Ransomware Modify Registry Defense Evasion
Network Discovery System Network Configuration Discovery Discovery
NjRAT Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation Defense Evasion
Orangeworm Attack Group Windows Service, Create or Modify System Process Persistence
Phemedrone Stealer IP Addresses, Gather Victim Network Information Reconnaissance
PlugX Service Stop Impact
Prestige Ransomware Windows Management Instrumentation Execution
Qakbot Windows Management Instrumentation Execution
Ransomware Remote Access Software Command And Control
Ransomware Cloud Data Encrypted for Impact Impact
RedLine Stealer Service Stop Impact
Remcos Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation Defense Evasion
Revil Ransomware System Binary Proxy Execution, CMSTP Defense Evasion
Rhysida Ransomware System Binary Proxy Execution, Rundll32 Defense Evasion
Ryuk Ransomware Windows Command Shell Execution
SamSam Ransomware Data Encrypted for Impact Impact
Sandworm Tools System Shutdown/Reboot Impact
Swift Slicer Data Destruction Impact
SysAid On-Prem Software CVE-2023-47246 Vulnerability Exploit Public-Facing Application, External Remote Services Initial Access
Trickbot Command and Scripting Interpreter Execution
Unusual Processes Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation Defense Evasion
Volt Typhoon Windows Management Instrumentation Execution
Warzone RAT DLL Side-Loading Persistence
WhisperGate Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation Defense Evasion
Windows File Extension and Association Abuse Change Default File Association Privilege Escalation
Windows Registry Abuse Services Registry Permissions Weakness Persistence
Windows Service Abuse Windows Service, Create or Modify System Process Persistence
Winter Vivern Screen Capture Collection
XMRig Windows Service, Create or Modify System Process Persistence