Attack Pattern: Application Layer Protocol - T1071
Attack Pattern: Asymmetric Cryptography - T1573.002
Attack Pattern: Clear Windows Event Logs - T1070.001
Attack Pattern: Cloud Accounts - T1585.003
Attack Pattern: Compromise Software Supply Chain - T1195.002
Attack Pattern: Create Process with Token - T1134.002
Attack Pattern: DLL Side-Loading - T1574.002
Attack Pattern: DNS - T1071.004
Attack Pattern: Data Manipulation - T1565
Attack Pattern: Debugger Evasion - T1622
Attack Pattern: Deobfuscate/Decode Files or Information - T1140
Attack Pattern: Digital Certificates - T1588.004
Attack Pattern: Domains - T1584.001
Attack Pattern: Embedded Payloads - T1027.009
Attack Pattern: Encrypted Channel - T1573
Attack Pattern: Exfiltration Over C2 Channel - T1041
Attack Pattern: Exploit Public-Facing Application - T1190
Attack Pattern: File Deletion - T1070.004
Attack Pattern: File and Directory Discovery - T1083
Attack Pattern: Hijack Execution Flow - T1574
Attack Pattern: Impair Command History Logging - T1562.003
Attack Pattern: Indicator Removal - T1070
Attack Pattern: Ingress Tool Transfer - T1105
Attack Pattern: Install Digital Certificate - T1608.003
Attack Pattern: Invalid Code Signature - T1036.001
Attack Pattern: Malicious File - T1204.002
Attack Pattern: Malware - T1587.001
Attack Pattern: Masquerading - T1036
Attack Pattern: Modify Registry - T1112
Attack Pattern: Obfuscated Files or Information - T1027
Attack Pattern: Obtain Capabilities - T1588
Attack Pattern: Process Injection - T1055
Attack Pattern: Proxy - T1090
Attack Pattern: Query Registry - T1012
Attack Pattern: Reflective Code Loading - T1620
Attack Pattern: Social Media - T1593.001
Attack Pattern: Spearphishing Link - T1566.002
Attack Pattern: Stage Capabilities - T1608
Attack Pattern: Standard Encoding - T1132.001
Attack Pattern: Stored Data Manipulation - T1565.001
Attack Pattern: Supply Chain Compromise - T1195
Attack Pattern: Symmetric Cryptography - T1573.001
Attack Pattern: System Checks - T1497.001
Attack Pattern: System Information Discovery - T1082
Attack Pattern: System Language Discovery - T1614.001
Attack Pattern: System Location Discovery - T1614
Attack Pattern: Time Based Evasion - T1497.003
Attack Pattern: Unix Shell Configuration Modification - T1546.004
Attack Pattern: Upload Malware - T1608.001
Attack Pattern: Virtualization/Sandbox Evasion - T1497
Attack Pattern: Web Protocols - T1071.001
Campaign: SmoothOperator
Malware: BADCALL - S0245
Malware: COLDCAT
Malware: IconicStealer
Malware: POOLRAT
Malware: SIGFLIP
Malware: Simplesea
Malware: TAXHAUL
Malware: VEILEDSIGNAL
Malware: sRDI
Threat Actor: APT43
Threat Actor: Citrine Sleet
Threat Actor: LABYRINTH CHOLLIMA
Threat Actor: Lazarus (umbrella)
Threat Actor: VELVET CHOLLIMA (umbrella)