Malware

| Name | ATT&CK Technique(s) | ATT&CK Tactic |
| --- | --- | --- |
| AcidRain | Data Destruction, File Deletion, Indicator Removal | Impact |
| AgentTesla | Spearphishing Attachment, Phishing | Initial Access |
| Amadey | PowerShell, Command and Scripting Interpreter | Execution |
| AsyncRAT | Spearphishing Attachment, Phishing | Initial Access |
| AwfulShred | Unix Shell, Command and Scripting Interpreter | Execution |
| Azorult | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| BlackByte Ransomware | Windows Service | Persistence |
| BlackMatter Ransomware | Domain Account, Account Discovery | Discovery |
| Brute Ratel C4 | Service Stop | Impact |
| CISA AA23-347A | Windows Management Instrumentation | Execution |
| Caddy Wiper | Disk Structure Wipe, Disk Wipe | Impact |
| Chaos Ransomware | Malicious File, User Execution | Execution |
| Clop Ransomware | System Services, Service Execution | Execution |
| ColdRoot MacOS RAT | None | None |
| Cyclops Blink | Disable or Modify System Firewall, Impair Defenses | Defense Evasion |
| DHS Report TA18-074A | Modify Registry | Defense Evasion |
| DarkCrystal RAT | Phishing, Spearphishing Attachment | Initial Access |
| DarkSide Ransomware | LSASS Memory, OS Credential Dumping | Credential Access |
| Data Destruction | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Double Zero Destructor | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| Dynamic DNS | Exfiltration Over Alternative Protocol | Exfiltration |
| Emotet Malware DHS Report TA18-201A | Spearphishing Attachment, Phishing | Initial Access |
| FIN7 | XSL Script Processing | Defense Evasion |
| Graceful Wipe Out Attack | Service Stop | Impact |
| Hermetic Wiper | Disk Structure Wipe, Disk Wipe | Impact |
| Hidden Cobra Malware | SMB/Windows Admin Shares, Remote Services | Lateral Movement |
| IcedID | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| Industroyer2 | Domain Account, Account Discovery | Discovery |
| LockBit Ransomware | Modify Registry | Defense Evasion |
| Network Discovery | System Network Configuration Discovery | Discovery |
| NjRAT | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Orangeworm Attack Group | Windows Service, Create or Modify System Process | Persistence |
| Phemedrone Stealer | IP Addresses, Gather Victim Network Information | Reconnaissance |
| PlugX | Service Stop | Impact |
| Prestige Ransomware | Windows Management Instrumentation | Execution |
| Qakbot | Windows Management Instrumentation | Execution |
| Ransomware | Remote Access Software | Command and Control |
| Ransomware Cloud | Data Encrypted for Impact | Impact |
| RedLine Stealer | Service Stop | Impact |
| Remcos | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Revil Ransomware | System Binary Proxy Execution, CMSTP | Defense Evasion |
| Rhysida Ransomware | System Binary Proxy Execution, Rundll32 | Defense Evasion |
| Ryuk Ransomware | Windows Command Shell | Execution |
| SamSam Ransomware | Data Encrypted for Impact | Impact |
| Sandworm Tools | System Shutdown/Reboot | Impact |
| Swift Slicer | Data Destruction | Impact |
| SysAid On-Prem Software CVE-2023-47246 Vulnerability | Exploit Public-Facing Application, External Remote Services | Initial Access |
| Trickbot | Command and Scripting Interpreter | Execution |
| Unusual Processes | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Volt Typhoon | Windows Management Instrumentation | Execution |
| Warzone RAT | DLL Side-Loading | Persistence |
| WhisperGate | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Windows File Extension and Association Abuse | Change Default File Association | Privilege Escalation |
| Windows Registry Abuse | Services Registry Permissions Weakness | Persistence |
| Windows Service Abuse | Windows Service, Create or Modify System Process | Persistence |
| Winter Vivern | Screen Capture | Collection |
| XMRig | Windows Service, Create or Modify System Process | Persistence |