Attack Pattern: Account Discovery - T1087
Attack Pattern: Acquire Infrastructure - T1583
Attack Pattern: Application Layer Protocol - T1437
Attack Pattern: Brute Force - T1110
Attack Pattern: Data Destruction - T1485
Attack Pattern: Data Encrypted for Impact - T1486
Attack Pattern: Data from Local System - T1005
Attack Pattern: Data from Network Shared Drive - T1039
Attack Pattern: Disable or Modify Tools - T1562.001
Attack Pattern: Domain Accounts - T1078.002
Attack Pattern: Execution Guardrails - T1480
Attack Pattern: Financial Theft - T1657
Attack Pattern: Malware - T1587.001
Attack Pattern: Malware - T1588.001
Attack Pattern: Non-Standard Encoding - T1132.002
Attack Pattern: PowerShell - T1059.001
Attack Pattern: Process Discovery - T1057
Attack Pattern: Remote Desktop Protocol - T1021.001
Attack Pattern: SMB/Windows Admin Shares - T1021.002
Attack Pattern: Safe Mode Boot - T1562.009
Attack Pattern: System Binary Proxy Execution - T1218
Attack Pattern: Tool - T1588.002
Attack Pattern: Transfer Data to Cloud Account - T1537
Attack Pattern: Upload Malware - T1608.001
Attack Pattern: Upload Tool - T1608.002
Attack Pattern: Valid Accounts - T1078
Attack Pattern: Windows Command Shell - T1059.003
Location: Turkey
Malware: BianLian (Android)
Malware: EDRKillShifter
Malware: Medusa Blog
Malware: Play ransomware
Malware: RansomHub
Threat Actor: MASKED SPIDER
Threat Actor: RECESS SPIDER