Malware

| Name | Technique | Tactic |
| --- | --- | --- |
| AcidRain | Data Destruction, File Deletion, Indicator Removal on Host | Impact |
| Azorult | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| BlackMatter Ransomware | Data Encrypted for Impact | Impact |
| Brute Ratel C4 | Service Stop | Impact |
| Caddy Wiper | Disk Structure Wipe, Disk Wipe | Impact |
| Clop Ransomware | System Services, Service Execution | Execution |
| ColdRoot MacOS RAT | None | None |
| CyclopsBLink | Disable or Modify System Firewall, Impair Defenses | Defense Evasion |
| DHS Report TA18-074A | Modify Registry | Defense Evasion |
| DarkCrystal RAT | Phishing, Spearphishing Attachment | Initial Access |
| DarkSide Ransomware | LSASS Memory, OS Credential Dumping | Credential Access |
| Data Destruction | Disk Structure Wipe, Disk Wipe | Impact |
| Double Zero Destructor | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| Dynamic DNS | Exfiltration Over Alternative Protocol | Exfiltration |
| Emotet Malware DHS Report TA18-201A | Spearphishing Attachment, Phishing | Initial Access |
| FIN7 | XSL Script Processing | Defense Evasion |
| Hermetic Wiper | Disk Structure Wipe, Disk Wipe | Impact |
| Hidden Cobra Malware | SMB/Windows Admin Shares, Remote Services | Lateral Movement |
| IcedID | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| Industroyer2 | Domain Account, Account Discovery | Discovery |
| Network Discovery | System Network Configuration Discovery | Discovery |
| Orangeworm Attack Group | Windows Service, Create or Modify System Process | Persistence |
| Ransomware | Remote Access Software | Command And Control |
| Ransomware Cloud | Data Encrypted for Impact | Impact |
| Remcos | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Revil Ransomware | System Binary Proxy Execution, CMSTP | Defense Evasion |
| Ryuk Ransomware | Windows Command Shell | Execution |
| SamSam Ransomware | Data Encrypted for Impact | Impact |
| Trickbot | Command and Scripting Interpreter | Execution |
| Unusual Processes | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| WhisperGate | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Windows File Extension and Association Abuse | Change Default File Association | Privilege Escalation |
| Windows Registry Abuse | Services Registry Permissions Weakness | Persistence |
| Windows Service Abuse | Windows Service, Create or Modify System Process | Persistence |
| XMRig | Windows Service, Create or Modify System Process | Persistence |