TTPs: MITRE’d and Sorted
Extracted Data
Malware and associated MITRE ATT&CK techniques from the uploaded threat report.
MiniDuke
T1102.001 – Dead Drop Resolver
T1082 – System Information Discovery
T1568.002 – Domain Generation Algorithms
T1027 – Obfuscated Files or Information
T1008 – Fallback Channels
T1105 – Ingress Tool Transfer
T1090.001 – Internal Proxy
T1083 – File and Directory Discovery
T1071.001 – Web Protocols
PinchDuke
T1083 – File and Directory Discovery
T1003 – OS Credential Dumping
T1071.001 – Web Protocols
T1082 – System Information Discovery
T1555 – Credentials from Password Stores
T1555.003 – Credentials from Web Browsers
T1005 – Data from Local System
CosmicDuke
T1543.003 – Windows Service
T1003.004 – LSA Secrets
T1048.003 – Exfiltration Over Unencrypted Non-C2 Protocol
T1039 – Data from Network Shared Drive
T1555 – Credentials from Password Stores
T1083 – File and Directory Discovery
T1555.003 – Credentials from Web Browsers
T1068 – Exploitation for Privilege Escalation
T1115 – Clipboard Data
T1056.001 – Keylogging
T1113 – Screen Capture
T1071.001 – Web Protocols
T1114.001 – Local Email Collection
T1003.002 – Security Account Manager
T1020 – Automated Exfiltration
T1005 – Data from Local System
T1053.005 – Scheduled Task
T1573.001 – Symmetric Cryptography
T1025 – Data from Removable Media
HAMMERTOSS
T1567.002 – Exfiltration to Cloud Storage
T1001.002 – Steganography
T1564.003 – Hidden Window
T1573.001 – Symmetric Cryptography
T1071.001 – Web Protocols
T1059.001 – PowerShell
T1102.003 – One-Way Communication
OnionDuke
T1003 – OS Credential Dumping
T1499 – Endpoint Denial of Service
T1102.003 – One-Way Communication
T1071.001 – Web Protocols
T1140 – Deobfuscate/Decode Files or Information
CloudDuke
T1071.001 – Web Protocols
T1102.002 – Bidirectional Communication
T1105 – Ingress Tool Transfer
Duqu
T1056.001 – Keylogging
T1560.003 – Archive via Custom Method
T1090.001 – Internal Proxy
T1218.007 – Msiexec
T1087.001 – Local Account
T1057 – Process Discovery
T1078 – Valid Accounts
T1543.003 – Windows Service
T1572 – Protocol Tunneling
T1074.001 – Local Data Staging
T1055.001 – Dynamic-link Library Injection
T1573.001 – Symmetric Cryptography
T1071 – Application Layer Protocol
T1021.002 – SMB/Windows Admin Shares
T1049 – System Network Connections Discovery
T1134 – Access Token Manipulation
T1010 – Application Window Discovery
T1053.005 – Scheduled Task
T1001.002 – Steganography
T1016 – System Network Configuration Discovery
T1055.012 – Process Hollowing
GeminiDuke
T1083 – File and Directory Discovery
T1087.001 – Local Account
T1057 – Process Discovery
T1016 – System Network Configuration Discovery
T1007 – System Service Discovery
T1071.001 – Web Protocols
SeaDuke
T1059.003 – Windows Command Shell
T1550.003 – Pass the Ticket
T1132.001 – Standard Encoding
T1078 – Valid Accounts
T1560.002 – Archive via Library
T1105 – Ingress Tool Transfer
T1070.004 – File Deletion
T1114.002 – Remote Email Collection
T1027.002 – Software Packing
T1071.001 – Web Protocols
T1547.001 – Registry Run Keys / Startup Folder
T1573.001 – Symmetric Cryptography
T1547.009 – Shortcut Modification
T1059.001 – PowerShell
T1546.003 – Windows Management Instrumentation Event Subscription
CozyCar
T1059.003 – Windows Command Shell
T1082 – System Information Discovery
T1071.001 – Web Protocols
T1102.002 – Bidirectional Communication
T1547.001 – Registry Run Keys / Startup Folder
T1518.001 – Security Software Discovery
T1218.011 – Rundll32
T1003.001 – LSASS Memory
T1497 – Virtualization/Sandbox Evasion
T1027.013 – Encrypted/Encoded File
T1003.002 – Security Account Manager
T1036.003 – Rename Legitimate Utilities
T1053.005 – Scheduled Task
T1543.003 – Windows Service