| DarkHotel (b8c8b96d-61e6-47b1-8e38-fd8ad5d9854d) |
Threat Actor |
DUBNIUM (b56af6ab-69f8-457a-bf50-c3aefa6dc14a) |
Microsoft Activity Group actor |
1 |
| DUBNIUM (b56af6ab-69f8-457a-bf50-c3aefa6dc14a) |
Microsoft Activity Group actor |
Darkhotel - APT-C-06 (f52ab8b8-71f2-5a88-946f-853dc3441efe) |
360.net Threat Actors |
1 |
| DarkHotel (b8c8b96d-61e6-47b1-8e38-fd8ad5d9854d) |
Threat Actor |
Zigzag Hail (0a4ddab3-a1a6-5372-b11f-5edc25c0e548) |
Microsoft Activity Group actor |
2 |
| DarkHotel (b8c8b96d-61e6-47b1-8e38-fd8ad5d9854d) |
Threat Actor |
Darkhotel - APT-C-06 (f52ab8b8-71f2-5a88-946f-853dc3441efe) |
360.net Threat Actors |
2 |
| Zigzag Hail (0a4ddab3-a1a6-5372-b11f-5edc25c0e548) |
Microsoft Activity Group actor |
Darkhotel - APT-C-06 (f52ab8b8-71f2-5a88-946f-853dc3441efe) |
360.net Threat Actors |
2 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Darkhotel - APT-C-06 (f52ab8b8-71f2-5a88-946f-853dc3441efe) |
360.net Threat Actors |
2 |
| Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) |
Attack Pattern |
Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
3 |
| Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) |
Attack Pattern |
Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) |
Attack Pattern |
3 |
| Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) |
Attack Pattern |
Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
3 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) |
Attack Pattern |
3 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
3 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
3 |
| Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c) |
Attack Pattern |
Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
3 |
| Darkhotel - G0012 (9e729a7e-0dd6-4097-95bf-db8d64911383) |
Intrusion Set |
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
3 |
| Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) |
Attack Pattern |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
4 |
| Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) |
Attack Pattern |
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) |
Attack Pattern |
4 |
| Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
4 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) |
Attack Pattern |
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) |
Attack Pattern |
4 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
4 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
4 |
| Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) |
Attack Pattern |
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) |
Attack Pattern |
4 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
4 |
| Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
4 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
4 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
4 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) |
Attack Pattern |
4 |