Showing content from https://app-api.tidalcyber.com/api/v1/software/ below:
{"meta":{"status":200,"terms-of-use":"Use of the data returned by this API is governed by Tidal Cyber's Terms of Use: https://www.tidalcyber.com/terms-of-use"},"data":[{"id":"71d76208-c465-4447-8d6e-c54f142b65a4","name":"3PARA RAT","type":"malware","source":"MITRE","software_attack_id":"S0066","tidal_id":"5b36a0d5-b28d-59b5-ac62-c95169389c9c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CrowdStrike Putter Panda](https://app.tidalcyber.com/references/413962d0-bd66-4000-a077-38c2677995d1)]","group_attack_id":"G0024","group_id":"6005f4a9-fe26-4237-a44e-3f6cbb1fe75c","name":"Putter Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8ec16667-1db5-491a-8696-38f7948e5e5d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"a15142a3-4797-4fef-8ec6-065e3322a69b","name":"4H RAT","type":"malware","source":"MITRE","software_attack_id":"S0065","tidal_id":"1a0414d3-a79d-5e69-9678-3c63e413d3ff","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CrowdStrike Putter Panda](https://app.tidalcyber.com/references/413962d0-bd66-4000-a077-38c2677995d1)]","group_attack_id":"G0024","group_id":"6005f4a9-fe26-4237-a44e-3f6cbb1fe75c","name":"Putter Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b14b2554-d61e-4cd0-93be-bcc53a6ae976","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4665e52b-3c5c-4a7f-9432-c89ef26f2c93","name":"7-Zip","type":"tool","source":"Tidal Cyber","software_attack_id":"S3023","tidal_id":"e57d34bd-aa4f-528d-be4d-6e0ebfc5bab2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cdfe3925-aa4a-4d22-940e-2aa6697a9911","name":"7-zip","description":"","source":"Tidal 
Cyber","associated_software_id":"b7942342-d390-408d-8d11-edff76322ff3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Trend Micro Void Rabisu May 30 2023](/references/5fd628ca-f366-4f0d-b493-8be19fa4dd4e)]","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant Uncharmed May 1 2024](/references/84c0313a-bea1-44a7-9396-8e12437852d1)]","group_attack_id":"G3050","group_id":"ce126445-6984-45bb-9737-35448f06f27b","name":"APT42 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA AA20-259A Iran-Based Actor September 2020](/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Huntress INC Ransomware August 11 2023](/references/37c82ff5-f565-445b-9fa5-bb172b5f425c)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC 
Ransom","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant Uncharmed May 1 2024](/references/84c0313a-bea1-44a7-9396-8e12437852d1)]","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[S-RM March 25 2025](/references/ffa47884-4eef-445e-99e3-02f64cc2f7fc)]","group_attack_id":"G3100","group_id":"35aa3c2a-eea0-480a-b338-c82808643026","name":"NightSpire","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"42de9f3d-46b2-4304-a68f-acbd9746e35f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"26221a82-ccc8-415a-a8c5-e0c9d2631a2f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"92c268bd-aa97-460f-82d4-0654f4d169d5","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"cf9441fc-56a1-4794-b4d2-50d1eb5fef25","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"d8523222-e577-484b-b3c5-a4f35420602e","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"318554b2-1665-4ec8-b073-bbc52894b5d2","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"a208999e-d9b3-434f-a34e-549c97b90fa4","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"df4a9758-74c4-4484-8e7a-e0e7aaeca68c","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"55917689-2a7d-419e-a908-de5881a74ace","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"efade95a-1a3e-46a7-b56e-3efd7b67f93b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"dd8f26ab-697b-468f-abba-239238c52c45","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"4091fc66-af3c-4719-90e1-13e7ae08d3ec","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"9d4dfa8b-e9e6-49bb-b4af-f7896c3a9f25","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"88a5435f-5586-4cb4-a9c0-1961ee060a67","name":"8Base Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3061","tidal_id":"49f2f276-a518-5bd3-b119-42a6d2500f7e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3014","group_id":"00b45c13-d165-44d0-ad6b-99787d2a7ce3","name":"8Base Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"f80ce14f-0029-4c01-839e-325c597ca4e0","tag":"1d06c2ad-3f16-44e4-908c-d6a3191aa29c"},{"id":"82d7c7b1-afd7-4d6d-8d4c-e8e0ce6b6d63","tag":"51946995-71d4-4bd3-9f7f-491b450f018b"},{"id":"8221e4c4-fdd9-4581-a316-d53630fa6113","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2d6ff630-c797-484a-a62b-e277f4502886","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"e80554d1-9c20-4bb3-bf0e-042cd7ddf4c1","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"4076ba78-64a8-4089-bda0-77e1d766b91e","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"151c4373-9dda-4b96-9b7c-9cbde4a99c03","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3d33fbf5-c21e-4587-ba31-9aeec3cc10c0","name":"AADInternals","type":"tool","source":"MITRE","software_attack_id":"S0677","tidal_id":"452b1cf7-c058-5c34-ae9c-0a143e1c3733","platforms":[{"id":"fe608ebe-d912-5489-95fc-914b226a933f","name":"Identity Provider"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 365"},{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"},{"id":"bb3fda2a-b438-4d2a-856e-97f74ed72756","name":"Azure AD"}],"associated_software":[],"groups":[{"description":"[[MSTIC Nobelium Oct 2021](https://app.tidalcyber.com/references/7b6cc308-9871-47e5-9039-a9a7e66ce373)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"1fc75668-1864-4ca5-9aed-ab0e437f04e7","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"208551f2-9997-44ba-a0c0-3bd65b6d230a","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"0c37c2e6-35c7-4bb9-ae73-6197401dc761","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5053c6a8-fc60-4805-a839-ed9f27c1cd42","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"986f1e4f-b4b5-4754-bd8b-a076a3f3cba2","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"394cadd0-bc4d-4181-ac53-858e84b8e3de","name":"ABK","type":"malware","source":"MITRE","software_attack_id":"S0469","tidal_id":"7bb43fb0-d6a2-50c1-88e8-3d5d033f7ad9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro Tick November 2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"65a44696-83b7-4457-89d6-48ac8afc1ef0","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"cce705c7-49f8-4b54-b854-fd4b3a32e6ff","name":"AccCheckConsole","type":"tool","source":"Tidal Cyber","software_attack_id":"S3324","tidal_id":"24c90e73-b1de-58b1-9d0e-290ee82a5151","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d9cee454-5016-40f4-9c75-2b8eb684724d","name":"AccCheckConsole.exe","description":"[[AccCheckConsole.exe - LOLBAS Project](/references/de5523bd-e735-4751-84e9-a1be1d2980ec)]","source":"Tidal 
Cyber","associated_software_id":"9a77d9ce-dd34-4ff9-8b26-c74ef5055a2f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"acc31e91-8b34-4698-bbb0-782565d043a4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"eb013e0b-2147-4580-baf8-3b7d98fd62b4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6bc29df2-195e-410c-ad08-f3661575492f","name":"AccountRestore","type":"malware","source":"Tidal Cyber","software_attack_id":"S3082","tidal_id":"c52e3846-b862-5aba-9f5f-a934e42b672a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9849894e-f172-4071-82f6-085c5a729f38","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":"TidalCyberIan"},{"id":"ead5e2c4-3b1b-5c0c-b4d6-cbb099b568ce","name":"AcidPour","type":"malware","source":"MITRE","software_attack_id":"S1167","tidal_id":"ead5e2c4-3b1b-5c0c-b4d6-cbb099b568ce","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[AcidPour](https://app.tidalcyber.com/software/ead5e2c4-3b1b-5c0c-b4d6-cbb099b568ce) is associated with [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666).[[SentinelOne AcidPour 2024](https://app.tidalcyber.com/references/f6009712-7c94-5daf-82b4-c269454d6b1e)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"95daee1c-cc6f-4974-b9df-60e1555b5d4e","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"129df734-2e38-45a2-ac1b-e3a10e5224e7","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"cf465790-3d6d-5767-bb8c-63a429f95d83","name":"AcidRain","type":"malware","source":"MITRE","software_attack_id":"S1125","tidal_id":"ef44892a-7693-5e9c-9cb4-bd721f13a2fd","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) is linked to [AcidRain](https://app.tidalcyber.com/software/cf465790-3d6d-5767-bb8c-63a429f95d83) deployment during the ViaSat KA-SAT incident in 2022.[[Vincens AcidPour 2024](https://app.tidalcyber.com/references/742c8a5c-21e5-58d8-a90d-f4c186c0699a)][[AcidRain JAGS 2022](https://app.tidalcyber.com/references/bd4a7b2e-a387-5e1b-9d9e-52464a8e25c9)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"30c49a5f-9af5-4776-a118-51f561e550bd","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"335f47a6-9c02-4194-9431-0e2008e46179","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"}],"owner_name":null},{"id":"202781a3-d481-4984-9e5a-31caafc20135","name":"Action 
RAT","type":"malware","source":"MITRE","software_attack_id":"S1028","tidal_id":"09d265f7-18f7-544c-88d4-1362b911c6b5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G1008","group_id":"31bc763e-623f-4870-9780-86e43d732594","name":"SideCopy","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f52e759a-a725-4b50-84f2-12bef89d369e","name":"adbupd","type":"malware","source":"MITRE","software_attack_id":"S0202","tidal_id":"8369033a-27f4-5522-96f7-2b8aa2aeb350","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft PLATINUM April 2016](https://app.tidalcyber.com/references/d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297)]","group_attack_id":"G0068","group_id":"f036b992-4c3f-47b7-a458-94ac133bce74","name":"PLATINUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"253f97c3-ba35-4064-8ec0-892872432214","name":"AddinUtil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3190","tidal_id":"acaccd65-358a-5422-9e67-1c70927a8e5d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d09bd642-055d-4626-8324-ff5d97488672","name":"AddinUtil.exe","description":"[[AddinUtil.exe - LOLBAS Project](/references/91af546d-0a56-4c17-b292-6257943a8aba)]","source":"Tidal 
Cyber","associated_software_id":"200ecd1e-c1a6-41a3-bb9a-ee687334c2c1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"63be1071-7e3f-4ef4-bb96-041a58e3c1a7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"be1e081f-1629-458d-9cd1-d4a62025c857","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"70559096-2a6b-4388-97e6-c2b16f3be78e","name":"AdFind","type":"tool","source":"MITRE","software_attack_id":"S0552","tidal_id":"ede51080-65ef-5985-a3ca-a9e25fdcc724","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) used [AdFind](https://app.tidalcyber.com/software/70559096-2a6b-4388-97e6-c2b16f3be78e) during operations.[[Symantec BlackByte 2022](https://app.tidalcyber.com/references/965503f6-e5f9-5c98-b0c4-1211e44346d9)][[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 Cuba August 9 2022](/references/06f668d9-9a68-4d2f-b9a0-b92beb3b75d6)]","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 
2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye FIN6 Apr 2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [AdFind](https://app.tidalcyber.com/software/70559096-2a6b-4388-97e6-c2b16f3be78e) to query Active Directory in victim environments.[[Symantec Bilbug 2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye Ryuk and Trickbot January 2019](https://app.tidalcyber.com/references/b29dc755-f1f0-4206-9ecf-29257a1909ee)][[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)][[DFIR Ryuk 2 Hour Speed Run November 2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)][[Red Canary Hospital Thwarted Ryuk October 2020](https://app.tidalcyber.com/references/ae5d4c47-54c9-4f7b-9357-88036c524217)][[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Analyzing Solorigate Dec 2020](https://app.tidalcyber.com/references/8ad72d46-ba2c-426f-bb0d-eb47723c8e11)][[CrowdStrike StellarParticle January 2022](https://app.tidalcyber.com/references/149c1446-d6a1-4a63-9420-def9272d6cb9)][[ESET T3 Threat Report 2021](https://app.tidalcyber.com/references/34a23b22-2d39-47cc-a1e9-47f7f490dcbd)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro BlackCat October 27 
2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Secureworks GOLD IONIC April 2024](https://app.tidalcyber.com/references/e723e7b3-496f-5ab4-abaf-83859e7e912d)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec Cicada November 2020](https://app.tidalcyber.com/references/28a7bbd8-d664-4234-9311-2befe0238b5b)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CrowdStrike Carbon Spider August 
2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Arctic Wolf Akira 2023](https://app.tidalcyber.com/references/aa34f2a1-a398-5dc4-b898-cdc02afeca5d)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA Play Ransomware Advisory December 2023](https://app.tidalcyber.com/references/b47f5430-25d4-5502-9219-674daed4e2c5)][[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"7c1c0169-25ed-4ccc-859d-9e1ffada0126","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"e595b9a3-62b4-4745-bf2d-bffc650db8ea","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"6ad123f3-20a6-4d38-b9d3-5e22992bdba9","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"7d900ce2-4ec6-4141-99ac-ae7bd317f97c","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"3ef13b8f-35e8-4b8a-8a03-effcdd073f12","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"1f79865f-8737-495d-9afc-3a671659c658","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"acd63a0c-f175-4142-9dda-e761daec435f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e71d9661-c3cd-47c4-a6d9-dcd9a12140fc","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1f7f1537-c9dd-4e25-b4bb-683ada881328","tag":"3a633b73-9c2c-4293-8577-fb97be0cda37"},{"id":"4f750ec0-2426-476e-971d-84ccfc9b165b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"17bd1467-722c-455b-9485-15a8fe36dc65","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"5a2455ef-9513-4097-a572-c5e66246d129","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"94052dc8-df6c-40de-b87a-d4dc1dd522bc","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"20b1547b-bf30-4841-94cf-6add39700fd2","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"8a0e1bbe-920c-482e-b63d-628198bb46ff","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d239e054-383d-4517-9407-05feaeb6ec70","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f3cb3dee-5e90-4cec-91ee-0bfa8edd6300","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"3f229fe8-4d03-48ba-97b5-d7132510e090","name":"adplus","type":"tool","source":"Tidal Cyber","software_attack_id":"S3325","tidal_id":"24014676-bd66-5e22-be77-c76d93af3a69","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"86e4b24f-f2fd-428e-a1bc-5ce17899e6e9","name":"adplus.exe","description":"[[adplus.exe - LOLBAS 
Project](/references/d407ca0a-7ace-4dc5-947d-69a1e5a1d459)]","source":"Tidal Cyber","associated_software_id":"1db1d4d7-d442-457d-afb9-5c3dcb21645a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e8ca5da9-5d80-47ad-a868-2b34c9f9b4e0","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1d3a2c54-a750-441c-b3e3-0b72fb039da7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c227bea1-9996-49d6-97ca-10a2fc156747","name":"ADRecon","type":"tool","source":"Tidal Cyber","software_attack_id":"S3111","tidal_id":"d2e30eab-d2f8-5cf0-a0c4-a6e13d32baff","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant ALPHV Affiliate April 3 2023](/references/b8375832-f6a9-4617-a2ac-d23aacbf2bfe)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"228f98f0-ee48-4f84-b300-119c026ea1e6","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"519dfb8e-d26e-4868-8b7a-2085f400ffd1","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"533b834c-c72d-44a2-96da-b0d43e197459","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"dd87ae57-86aa-4eec-a396-9c2e0d7971c9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"ff0af6fd-e4a1-47c9-b4a1-7ce5074e089e","name":"Advanced IP Scanner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3024","tidal_id":"0a50fc9a-4faf-5dee-8464-9d03df040660","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sophos Akira May 9 2023](/references/1343b052-b158-4dad-9ed4-9dbb7bb778dd)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Huntress INC Ransomware August 11 2023](/references/37c82ff5-f565-445b-9fa5-bb172b5f425c)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"210bf606-0cdf-407c-8cc0-b6cb239580ef","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"718e1868-c01f-4255-8f82-b2d1871ccaa3","tag":"da180b04-2897-4416-a904-9d7e336d9ee4"},{"id":"02a58e4f-7ded-424f-a677-dd54b30e7b62","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"8dcd68b1-a70c-43a6-a88c-65ba61760611","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"7d03eb01-16c6-4f74-9947-e3ed752a2e6a","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"b7e69c1b-a117-4ddd-8d2f-02298322f90e","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c39b4c8e-abb8-4a9d-bc74-1bcc33e749df","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"8fa71c6e-92a5-4085-b3a9-cc93146416d6","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a254d184-fc80-4ecd-a0be-bc30fd2adc63","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"eae15634-51fe-4cf5-b57e-45e4a88588e6","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"34045032-037e-4b58-ba36-122f31d7f6a8","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"3b5582af-0857-418d-b314-9de46d6b8f58","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"154ebf13-68ed-4865-9bcd-cf2d1fc9bea3","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"76edb85b-3214-48ba-a218-ab8cfd60fdb4","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"b2140131-64ce-40e1-8802-92562f406c00","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"fe676550-907e-4299-a573-53304cf04bcf","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f93b54cf-a17c-4739-a7af-4106055f868d","name":"Advanced Port Scanner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3025","tidal_id":"e0578fbe-99e8-5029-b45a-1afda321877f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky DeftTorero October 3 
2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 Vice Society December 6 2022](/references/6abf7387-0857-4938-b36e-1374a66d4ed8)]","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"41a01832-f948-4fea-89b3-30dd3d7e469d","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"300ddb8a-9a92-46fa-b842-9711c6b7b89b","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"85ca6338-bd11-48cc-a58a-8afea0c5a40a","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"855b7069-cbee-4816-803a-e4be2515d118","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"618f4828-6148-4d42-b5ee-f88e2769b534","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"b24eb346-caa6-4b87-9d17-758238c9ebcf","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"28abefe4-e6c1-4907-a3aa-ccd3636eb854","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"ed1cf877-ef1c-4d5b-a704-33232ba82d59","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2522a3c0-6e44-45ec-b8da-094484e0819a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"ce7b0165-4f79-4281-9653-77e2029630fe","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5652dd94-5b8d-4a78-ad08-d0c9d9c22d2d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7ef15943-8061-4941-b14e-9634c0b95d28","name":"AdvancedRun","type":"tool","source":"Tidal Cyber","software_attack_id":"S3026","tidal_id":"7c200850-4c76-5b7b-926c-9045c807eb64","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"437013a8-8caf-4ce9-9646-d012a7582438","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"113fcc45-158d-4585-9531-40ca35c498ee","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"9347d61b-cd00-4a29-a626-9c7f08c455aa","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"27683fb4-a600-4ab7-9778-e35646db0cb1","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8aced241-1f04-449c-a3bd-6b1d779392db","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"3d07afa0-2a7a-412c-944a-b8cd2ded1b84","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"96648847-ace1-4841-bc8d-2cb2b6050294","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"debfa5ce-7d43-4bfc-b722-fcb19bf56c9a","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"50aeb3de-82a2-4cc9-8045-e0228b0509d1","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"5223a069-d36c-4d6f-a584-8de37bccc892","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b33ed4f8-1ba4-4d8d-ad79-9fe007b58b71","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6abb5923-cf6a-4f9e-bf5a-cac5ce4f1253","name":"ADVobfuscator","type":"tool","source":"Trellix TIG","software_attack_id":"S3443","tidal_id":"e75e008a-1b71-588d-a508-c6c4426537be","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"6c82fc65-864a-4a8c-80ed-80a69920c44f","name":"Advpack","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3308","tidal_id":"5757489d-b7ec-5c14-98fd-53b1b011abc7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"44a4a888-434d-46fa-998d-621999a2f99a","name":"Advpack.dll","description":"[[Advpack.dll - LOLBAS Project](/references/837ccb3c-316d-4d96-8a33-b5df40870aba)]","source":"Tidal Cyber","associated_software_id":"0c7f7926-3935-46ea-b430-3841acab3120","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"2583b679-4b6d-4c48-a3f5-ff319c3184fb","tag":"7a457caf-c3b6-4a48-84cf-c1f50a2eda27"},{"id":"851ebe35-ffb8-406d-8a93-533a6ef452ac","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"691807ca-fe90-453f-b795-85738fa6e0cd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ef7f4f5f-6f30-4059-87d1-cd8375bf1bee","name":"ADVSTORESHELL","type":"malware","source":"MITRE","software_attack_id":"S0045","tidal_id":"291736f1-12d6-558f-9372-789dc7d1466b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2d1033ed-dcb0-4ff8-b994-c27c7472e4e5","name":"EVILTOSS","description":"","source":"MITRE","associated_software_id":"87b3c2d9-49fa-4f4d-bcc0-91c610aafd3e","owner_id":null,"owner_name":null},{"id":"ae90ab5b-29e8-41c2-b814-686e7e6f40f6","name":"NETUI","description":"","source":"MITRE","associated_software_id":"aee4bdbe-dcdb-456e-b198-a9ec4dd0dea9","owner_id":null,"owner_name":null},{"id":"404e76ad-994c-4cc3-b20a-3d3d2143d8bf","name":"Sedreco","description":"","source":"MITRE","associated_software_id":"66cd7902-e578-4054-8dc4-a5e027e914b4","owner_id":null,"owner_name":null},{"id":"3301e250-f632-4680-897c-137c01399ffb","name":"AZZY","description":"","source":"MITRE","associated_software_id":"60d36859-4803-4a84-8ce6-b7aead8b0dd8","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Kaspersky 
Sofacy](https://app.tidalcyber.com/references/46226f98-c762-48e3-9bcd-19ff14184bb5)][[Securelist Sofacy Feb 2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"70a54294-2e0b-4e68-8c88-561b3f69aa92","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"8d65e441-db93-4393-98db-4ce8889700e2","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"45c08a24-a8ab-4f19-b03f-30c37b6feea9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f27c9a91-c618-40c6-837d-089ba4d80f45","name":"Agent.btz","type":"malware","source":"MITRE","software_attack_id":"S0092","tidal_id":"c9afa306-8f88-5965-80ac-add2ce5c43f2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"7b341594-0660-4e4e-aaba-5013cf1c5675","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"18620874-7c4e-4330-a340-9ae8a541ca29","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"27fa7573-c1d3-4857-8a45-ef501c8ea32c","name":"AgentExecutor","type":"tool","source":"Tidal Cyber","software_attack_id":"S3326","tidal_id":"dd9a71ee-88fe-53a6-a6ae-cef8040cb681","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c58bc73c-1b0a-4a56-9ba4-e79db95da968","name":"AgentExecutor.exe","description":"[[AgentExecutor.exe - LOLBAS Project](/references/633d7f25-df9d-4619-9aa9-92d1d9d225d7)]","source":"Tidal 
Cyber","associated_software_id":"15123fcb-0ba8-492a-bada-552d828af096","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e4457990-cb83-4b31-9638-0ba09dc3b8e9","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"e2a975eb-262d-4bf9-b1de-00cd6b508d64","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"304650b1-a0b5-460c-9210-23a5b53815a4","name":"Agent Tesla","type":"malware","source":"MITRE","software_attack_id":"S0331","tidal_id":"9436e32a-c442-5ac2-8d56-22fd29f0f7e8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit42 SilverTerrier 2018](https://app.tidalcyber.com/references/59630d6e-d034-4788-b418-a72bafefe54e)]","group_attack_id":"G0083","group_id":"e47ae2a7-d34d-4528-ba67-c9c07daa91ba","name":"SilverTerrier","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4f758009-ee07-4bf3-9f9c-d35740daab82","tag":"d11d22a2-518d-4727-975b-d04d8826e4c0"},{"id":"a113f4f7-25bf-4dde-bebd-fdd5d862c9b0","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"27c5cefc-f81d-4f06-a804-7ec5a777dabb","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"96ae0e1e-975a-5e11-adbe-c79ee17cee11","name":"Akira","type":"malware","source":"MITRE","software_attack_id":"S1129","tidal_id":"b6c06957-3d86-579a-a81a-2d7d25b8a8c6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 
2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kersten Akira 2023](https://app.tidalcyber.com/references/df191993-a2cb-5d26-960c-11d1c6d3d73b)][[Cisco Akira Ransomware OCT 2024](https://app.tidalcyber.com/references/fa57d7ae-c0d2-58cd-8a91-a242f7348d60)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b1b66142-5a4c-4ce6-a16d-2fc29fae5011","tag":"fde14c10-e749-4c04-b97f-1d9fbd6e72e7"},{"id":"2f6e6b57-f89a-4bba-85ed-b6318b381336","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"b95ca7f3-8826-46bd-8a7b-e9922e81e61a","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"264708f9-1d11-490f-8253-3ce0b9d079e5","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"479b448a-5cef-4a3b-a4fb-c95648655836","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"ea82e8c2-9988-4c4f-a55b-ac5de61bdeb5","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"cd9e98cb-0dd0-425a-bf71-d0801ba38c00","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"e14b1eaf-c6c4-4067-869a-9007616c62fa","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"}],"owner_name":null},{"id":"48f864a6-724e-4dbc-8428-981670bcd07a","name":"Akira (Linux/ESXi)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3414","tidal_id":"bfe388ca-44b2-5872-8c57-5110b2d01ba9","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[Cyble September 21 2023](/references/c9a58515-f911-4328-9237-daccd88711a5)][[Unit 42 December 2 
2024](/references/3d0c4862-a67e-4f8e-8045-05596854f14b)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e37c6464-a83f-4c4f-ad21-39692b3d6731","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"9f12e45d-3473-45a7-80b4-63030ae29b5d","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"45295417-66d1-4070-abe7-e7685ceffa83","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"af3ac8b1-e6df-4c08-aaf2-d1e7611a2284","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"63ccce73-f86b-424d-8dc8-06fff37c846d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8b5ac1e6-82b3-400c-82ac-daf07aaacb23","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"23bfb1d1-2000-5b0e-8f68-5bd67dc31d44","name":"Akira _v2","type":"malware","source":"MITRE","software_attack_id":"S1194","tidal_id":"23bfb1d1-2000-5b0e-8f68-5bd67dc31d44","platforms":[],"associated_software":[],"groups":[{"description":"[[CISA Akira Ransomware APR 2024](https://app.tidalcyber.com/references/bfa99833-7ddf-576a-958c-adac87da09c8)][[Cisco Akira Ransomware OCT 2024](https://app.tidalcyber.com/references/fa57d7ae-c0d2-58cd-8a91-a242f7348d60)]\n[[Palo Alto Howling Scorpius DEC 
2024](https://app.tidalcyber.com/references/26d3e738-8921-51bc-a71c-7e74278a6a78)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e140cb40-e9da-48a6-9fa9-348623e5a24f","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"517d7cef-f9f1-4a3f-a55e-8e367eadff70","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"4f6bddeb-0a07-4ba4-9d4d-1604896721a9","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"facdf18c-54b3-4298-a6d1-85dabe04b1cb","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"f173ec20-ef40-436b-a859-fef017e1e767","name":"Amadey","type":"malware","source":"MITRE","software_attack_id":"S1025","tidal_id":"e61da200-a3ed-5de0-aa68-4ba4475dba0e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)][[Mandiant APT43 Full PDF Report](https://app.tidalcyber.com/references/b5414a09-0da6-5d8c-bcca-47df9a469ec0)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Frequent freeloader part II](/references/ac413fbf-766c-41f4-8a48-2ade5913e6ea)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Korean FSI TA505 2020](https://app.tidalcyber.com/references/d4e2c109-341c-45b3-9d41-3eb980724524)][[BlackBerry Amadey 
2020](https://app.tidalcyber.com/references/21b7a7c7-55a2-4235-ba11-d34ba68d1bf5)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"48bf5f7d-6093-4fad-bfa6-6c8f6449dfef","tag":"fa84181d-fd9a-4c7b-8e18-e47011993b5e"},{"id":"9d746ba0-5092-485f-9d9c-c5e21fd41776","tag":"263adb48-051c-4384-90cf-1d4c937c3f05"},{"id":"946d998b-11df-4457-bd1b-3dcde981ebb4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9521c535-1043-4b82-ba5d-e5eaeca500ee","name":"Anchor","type":"malware","source":"MITRE","software_attack_id":"S0504","tidal_id":"e7b27df9-7e39-5657-ad1c-c8e7a245573a","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"11d8729e-7635-465f-8629-e4a15e317e02","name":"Anchor_DNS","description":"[[Cyberreason Anchor December 2019](https://app.tidalcyber.com/references/a8dc5598-9963-4a1d-a473-bee8d2c72c57)][[Medium Anchor DNS July 2020](https://app.tidalcyber.com/references/de246d53-385f-44be-bf0f-25a76442b835)]","source":"MITRE","associated_software_id":"4c66b92a-bfac-4f12-a319-3a16b59f9408","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard 
Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"02644803-c675-4edc-a3c9-3797b1272681","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"69aac793-9e6a-5167-bc62-823189ee2f7b","name":"ANDROMEDA","type":"malware","source":"MITRE","software_attack_id":"S1074","tidal_id":"7943cf93-68d3-52d9-ac61-56c268686a7b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant Suspected Turla Campaign February 2023](/references/d8f43a52-a59e-5567-8259-821b1b6bde43)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[],"owner_name":null},{"id":"8efa90ac-a894-467d-8633-16a44d270358","name":"Angry IP Scanner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3114","tidal_id":"b525ba7b-dcb4-5af5-b843-02892be5f3fd","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"23cdaef8-7297-49af-977a-28268970f3e6","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"e2433073-494f-47a1-a15d-2228bee5830a","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"62cbdfc4-e52d-4a7b-9b72-142e88677e4c","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"30bb25cc-46ae-44b0-9986-b594b2088101","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a35bb162-34d5-4432-85a4-bf7781f678ff","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"7de2b841-65cd-4df3-8711-4ed3183425ca","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"0d1963dd-06d0-4276-b6eb-f28794781abd","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"6dd23125-3ca5-4cbd-b1d3-8115dd686c9b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2109ac0f-3136-42b6-9bb4-48e661ab752f","name":"Anubis Backdoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3458","tidal_id":"6ef2ef7e-4f15-5a87-bcee-524d43a2e456","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8413360f-d325-4253-a455-01c888236785","name":"Anubis","description":"[[The Hacker News April 2 2025](/references/22857eb3-b5f7-4677-bf5c-bc993f483450)]","source":"Tidal 
Cyber","associated_software_id":"25ccddc9-98c5-4fe3-bbb1-8adb668ea95d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"db1d9b9d-2f73-46cc-8e44-f65e2a6bd97c","name":"AnubisBackdoor","description":"[[G DATA CyberDefense AG March 20 2025](/references/a9b00314-5a02-4fa8-9d34-27f05a71ff3c)]","source":"Tidal Cyber","associated_software_id":"f54ae1bd-ae88-406b-871c-e0a087819eca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[The Hacker News April 2 2025](/references/22857eb3-b5f7-4677-bf5c-bc993f483450)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"159f8e59-cfa4-4b6a-b15e-8fdb0973e0ec","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"f8308bc1-68e0-4e55-9e7e-05668d7c531c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"14fa0748-b05a-413d-b221-d42baa2cff78","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"637b89c8-e3f4-4eee-a86d-846518f1c5be","name":"Anubis Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3502","tidal_id":"6c9b64d5-80de-501e-82a3-d0adbe6d775e","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kelacyber February 25 2025](/references/321f34fb-b80b-4bd3-bceb-e51b6214b883)]","group_attack_id":"G3111","group_id":"8a280bdd-d14c-43ca-b5cb-bd68e1fda44a","name":"Anubis Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"9e61945f-54f3-4903-9db0-210979bebf0b","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"f9417476-0f0d-476b-93b9-a58df59505ad","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"602e4072-411e-4aa0-9f52-4e65d548c030","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"97471dc9-c003-45f2-8979-274c5075f669","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"62601604-6a8b-41fb-8f0a-028e67299813","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e38e7539-90e4-4715-a2b3-30d6fe061876","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"922447fd-f41e-4bcf-b479-88137c81099c","name":"AnyDesk","type":"tool","source":"Tidal Cyber","software_attack_id":"S3027","tidal_id":"2a9ce398-af06-5937-9280-7c60f52334b2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro Void Rabisu May 30 2023](/references/5fd628ca-f366-4f0d-b493-8be19fa4dd4e)]","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike Scattered Spider SIM Swapping December 22 2022](/references/e48760ba-2752-4d30-8f99-152c81f63017)][[Sophos X-Ops Tweet September 13 2023](/references/98af96a6-98bb-4d81-bb0c-a550e765e6ac)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CSRB LAPSUS$ July 24 
2023](/references/f8311977-303c-4d05-a7f4-25b3ae36318b)]","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Pioneer Kitten August 28 2024](/references/783f4aee-84d9-43dc-accc-99fee6b1ff92)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sophos Akira May 9 2023](/references/1343b052-b158-4dad-9ed4-9dbb7bb778dd)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft BlackByte 2023](/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Check Point Research Rhysida August 08 2023](/references/0d01416f-4888-4b68-be47-a3245549cec5)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 
2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 November 21 2023](/references/930228c3-a93b-4664-ab7d-65af212211fc)][[Secureworks North Korea IT Workers October 16 2024](/references/0eff6062-2b77-414b-a26e-fb0c2958d80d)]","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cisco Talos Q2 Trends July 26 2023](/references/f5367abc-e776-41a0-b8e5-6dc60079c081)]","group_attack_id":"G3014","group_id":"00b45c13-d165-44d0-ad6b-99787d2a7ce3","name":"8Base Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog August 28 
2024](/references/940c0755-18df-4fcb-9691-9f2eb45e6441)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rapid7 Blog 5 10 
2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"07194be6-8e4e-40c4-8ad5-065d612f797e","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"dc0966ef-6389-430e-82b8-37c41c2b2a4b","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"b40b4ac9-bbfc-473b-8162-5b615461bc07","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"a95ce68f-9f40-496f-be1a-e53c1e73b98d","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"3418ba6c-b724-4f40-a802-170471674040","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"866116dc-7ff9-4f3d-93ba-689a8977d2cf","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"beb65313-54e8-4254-b025-444ea999d17f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"630c474f-1d06-4926-977f-aa00b1d531a2","tag":"fb06d216-f535-45c1-993a-8c1b7aa2111c"},{"id":"71cb82c8-06b1-4541-a822-bb10e3a87d4f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"03be6e9a-e0a0-495c-8ed0-6aecfab47b2b","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"4b9260c9-f092-40c9-b432-275fc2e5df57","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"47404122-536d-4de7-a6bc-daf8a0bed524","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"3ebc8d64-b939-4d54-b691-0e4596d9cec4","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"e20bc410-2e49-4c33-b02d-4d4b6d4e0271","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"c966ce7c-480a-43eb-8a15-439aebdefecd","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d52fadf2-8b20-4f7c-95cb-dc3d2410aaf6","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"d42d4804-36c4-48f8-af7c-54300a49cd8d","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"7fb10cc5-8f1a-451b-a216-0d4350f8fce0","name":"AnyViewer","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3505","tidal_id":"581d46df-bb37-58ef-9700-db2191241482","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog June 30 2025](/references/3300c819-e236-40a2-a886-ce460876a2ca)]","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"24170101-a013-4e6a-b3e1-5f2fc473b020","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"af8a3e20-7e9f-4f97-a57d-c1f4a391b5c5","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"9e49ee36-1805-456c-bff0-ff4d9450c8c3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"2a903973-d741-4032-9059-a923ad5c6afe","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6682b27a-4ec0-4c33-805a-e6ba1ae99334","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f525a28f-2500-585c-a1c7-063ecec8376e","name":"Apostle","type":"malware","source":"MITRE","software_attack_id":"S1133","tidal_id":"f525a28f-2500-585c-a1c7-063ecec8376e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) has used [Apostle](https://app.tidalcyber.com/software/f525a28f-2500-585c-a1c7-063ecec8376e) as both a wiper and ransomware-like effects capability in intrusions.[[SentinelOne Agrius 
2021](https://app.tidalcyber.com/references/b5b433a1-5d12-5644-894b-c42d995c9ba5)]","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b202e144-78a5-4315-9824-6388319d54dd","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"c78da8b4-5046-499c-ade5-6bd54f5b1bf0","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"93e478c6-80c9-4ca3-ad17-fc650332fdcc","name":"AppCert","type":"tool","source":"Tidal Cyber","software_attack_id":"S3479","tidal_id":"4622eebd-8abd-50fc-8ad3-6018173af70d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f9cd6051-ede8-4eb8-b614-e085f1a17bd2","name":"AppCert.exe","description":"[[AppCert.exe - LOLBAS Project](/references/bc17c39a-5865-4c1e-b60e-06005a7302c9)]","source":"Tidal Cyber","associated_software_id":"fb5b3d09-8704-449c-bbf2-b7ddd4f853bd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"88c7f6a8-c0e5-4c0e-81d9-84eba02fab81","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5c48ee09-a4e0-4a68-ba91-2e7151c5695b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9fa7c759-172f-4ae3-ac3d-0070c3c4c439","name":"AppInstaller","type":"tool","source":"Tidal Cyber","software_attack_id":"S3191","tidal_id":"acf924d4-16ff-5075-84d9-c2d583b9b8eb","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a0005bf8-6217-4556-9f3e-a4578669d4b8","name":"AppInstaller.exe","description":"[[AppInstaller.exe - LOLBAS Project](/references/9a777e7c-e76c-465c-8b45-67503e715f7e)]","source":"Tidal 
Cyber","associated_software_id":"705af422-c1e8-48e4-97e1-8693ac97e3da","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"81c7378f-b443-4680-bfbe-45d994b234c6","tag":"837cf289-ad09-48ca-adf9-b46b07015666"},{"id":"967b4451-4db8-4d59-9d06-b9ec1ab0cdf5","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"334b7e47-6bf1-4c02-a519-218f07d94c67","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"cdeb3110-07e5-4c3d-9eef-e6f2b760ef33","name":"AppleJeus","type":"malware","source":"MITRE","software_attack_id":"S0584","tidal_id":"0d16e40f-4e2f-5ddd-b9f7-6a1646bdedf6","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA AppleJeus Feb 2021](https://app.tidalcyber.com/references/6873e14d-eba4-4e3c-9ccf-cec1d760f0be)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"303ae469-ff23-4c02-9e5a-69c51385fde6","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"},{"id":"d0aecae8-8500-4b31-a319-a4c1c3f4fd7b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"ef235cb1-728d-4c01-909f-67f30a9fd2ff","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"9df2e42e-b454-46ea-b50d-2f7d999f3d42","name":"AppleSeed","type":"malware","source":"MITRE","software_attack_id":"S0622","tidal_id":"2854bcc3-7c8b-5cea-9a5b-b7cf6f08723b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Malwarebytes Kimsuky June 2021](https://app.tidalcyber.com/references/9a497c56-f1d3-4889-8c1a-14b013f14668)][[KISA Operation 
Muzabi](https://app.tidalcyber.com/references/8742ac96-a316-4264-9d3d-265784483f1a)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f1f68208-90a7-4f22-b260-f26b9746c903","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1328ae5d-7220-46bb-a7ee-0c5a31eeda7f","name":"Appvlp","type":"tool","source":"Tidal Cyber","software_attack_id":"S3327","tidal_id":"aca7d655-16ba-5e3e-b728-edbf2f77e748","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"82eb4e28-3b8c-4f30-8524-c57d6bbf3500","name":"Appvlp.exe","description":"[[Appvlp.exe - LOLBAS Project](/references/b0afe3e8-9f1d-4295-8811-8dfbe993c337)]","source":"Tidal Cyber","associated_software_id":"b2e6135b-4a85-48a4-b654-8348a9e6a9b7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e66c2adf-46d1-411e-a2a9-0c0ee18b8a63","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"bde213b8-1e0c-4289-9a34-6b58a763671f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5bf1ed41-8fe5-4c4b-8d80-a55980289e1f","name":"AresLoader","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3001","tidal_id":"0f70fc61-c227-5e7f-aa6b-ca22df71f934","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"ccc6544d-e6f8-4195-ae7a-8776cccb94f5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bbebc35f-7cf8-41a5-91c5-2e9822ad49cc","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"5b950e45-00e0-4f2c-8a81-0bd473c1ba11","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7ba79887-d496-47aa-8b71-df7f46329322","name":"Aria-body","type":"malware","source":"MITRE","software_attack_id":"S0456","tidal_id":"b514b1a4-6809-5235-a0bc-c9538deb67f9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CheckPoint Naikon May 2020](https://app.tidalcyber.com/references/f080acab-a6a0-42e1-98ff-45e415393648)][[Bitdefender Naikon April 2021](https://app.tidalcyber.com/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"45b51950-6190-4572-b1a2-7c69d865251e","name":"Arp","type":"tool","source":"MITRE","software_attack_id":"S0099","tidal_id":"b48818d9-c192-5a2f-9ed3-effa5b8a811c","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1a897efb-d18b-4e39-a7e0-73d995ee0e5a","name":"arp.exe","description":"","source":"MITRE","associated_software_id":"993a4563-9d3f-41b3-b677-430dbaf9bf30","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Symantec Orangeworm April 
2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) used [Arp](https://app.tidalcyber.com/software/45b51950-6190-4572-b1a2-7c69d865251e) to identify connected hosts in victim networks.[[FBI BlackByte 2022](https://app.tidalcyber.com/references/b206b4fd-7c8a-5e5c-a0a4-737a5502df80)]","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4289095a-7e21-4a8b-8c62-f9ea5d3c9b9f","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"5000e8fe-3439-4c8b-974f-e02caa487558","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"caed9927-222d-4a99-a9a1-8634abb5ad6e","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"a11d0686-56c7-4d6e-b136-caf88483c3fe","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"9b4bb2f3-fdbf-43ee-9518-ba774a011be4","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"07bfd264-a8f4-46a5-89a4-a4b482b41b80","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a468a714-48ab-4f7b-8078-6f9705725136","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"8bd5fd2d-b967-494d-a0d8-28ca4d6cb0d9","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"449d3ef2-f46d-4e26-b809-d673b36cd090","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"32b05eb2-2355-4d08-83cc-0c161a323718","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"8e1da8da-0790-4b78-98b1-a7845df74a1b","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9571fe2b-0c0c-4d38-8245-0d8dec8c7f34","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"dfc7ec48-2773-4d78-bf96-cf2bada745b4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"46c1fad6-23a4-4dbc-a9a5-ff43b1902d5e","name":"Asnarok","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3409","tidal_id":"3b889f52-83e2-545c-8d4b-be5861ea9c33","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"cda9bf8a-fb47-43f4-9700-5603eb7fd34f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"e8f04482-9918-48cc-a3f3-48c7a6d39589","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fefe1455-c699-4329-9648-150947821a10","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"42763dde-8226-4f31-a3ba-face2da84dd2","name":"Aspnet_Compiler","type":"tool","source":"Tidal Cyber","software_attack_id":"S3192","tidal_id":"0499fe74-8b8f-5e9d-a09f-2b36880eceb2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6274b140-4eaf-42ed-9b08-ed971779ac2e","name":"Aspnet_Compiler.exe","description":"[[Aspnet_Compiler.exe - LOLBAS Project](/references/15864c56-115e-4163-b816-03bdb9bfd5c5)]","source":"Tidal Cyber","associated_software_id":"dd35fa20-68de-455d-8994-914b23cf51a6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c0a69610-ab30-43a4-8cc8-1b4ffb07561d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ebeb0279-2fac-485d-93b5-38f0041e326f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a0cce010-9158-45e5-978a-f002e5c31a03","name":"ASPXSpy","type":"malware","source":"MITRE","software_attack_id":"S0073","tidal_id":"e0d13e16-b5d2-5e38-bf36-1550c3f029b1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"22f3ef46-ae31-45c9-8c4a-7be682c2a7ea","name":"ASPXTool","description":"","source":"MITRE","associated_software_id":"70694414-648a-487b-8eaf-beb2cc5ea348","owner_id":null,"owner_name":null}],"groups":[{"description":"[Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) relies on web shells for persistent 
access post exploitation, with an emphasis on variants of [ASPXSpy](https://app.tidalcyber.com/software/a0cce010-9158-45e5-978a-f002e5c31a03).[[SentinelOne Agrius 2021](https://app.tidalcyber.com/references/b5b433a1-5d12-5644-894b-c42d995c9ba5)]","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Volexity Exchange Marauder March 2021](https://app.tidalcyber.com/references/ef0626e9-281c-4770-b145-ffe36e18e369)]","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Threat Group-3390](https://app.tidalcyber.com/groups/79be2f31-5626-425e-844c-fd9c99e38fe5) has used a modified version of ASPXSpy called ASPXTool.[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)][[Profero APT27 December 2020](https://app.tidalcyber.com/references/0290ea31-f817-471e-85ae-c3855c63f5c3)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat 
Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2bfaa7e5-492f-4bae-8142-fcc88cb9bc23","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ea719a35-cbe9-4503-873d-164f68ab4544","name":"Astaroth","type":"malware","source":"MITRE","software_attack_id":"S0373","tidal_id":"b073f636-37a9-5bf7-98d9-5ac11d1b0cc6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f49f4dfa-0011-4a27-9f13-ebd4b7b6eb0a","name":"Guildma","description":"[[Securelist Brazilian Banking Malware July 2020](https://app.tidalcyber.com/references/ccc34875-93f3-40ed-a9ee-f31b86708507)]","source":"MITRE","associated_software_id":"02f01a87-3a6f-4344-9241-653118990361","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"1e7de136-5bf5-4be3-9d16-59fae92c55e9","tag":"84d9893e-e338-442a-bfc0-3148ad5f716d"},{"id":"fefc9524-4aec-40f0-98fb-62f38cb3de94","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"bc86d5cb-1909-4819-9c6b-40d617a3ecae","name":"Astrill VPN","type":"tool","source":"Tidal Cyber","software_attack_id":"S3506","tidal_id":"e2ed9998-dd31-5f95-820b-a0ceef4a769b","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog June 30 2025](/references/3300c819-e236-40a2-a886-ce460876a2ca)]","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"fe8410b2-77fd-4337-aebd-e0d5687e74a0","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"f98a79e1-aef5-479e-82ab-f7b1c0fec6e2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"b0475f99-8d29-4f71-90da-362baf2b8cb2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d63b58d7-3892-45d0-9936-cb82c0602a9c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d587efff-4699-51c7-a4cc-bdbd1b302ed4","name":"AsyncRAT","type":"tool","source":"MITRE","software_attack_id":"S1087","tidal_id":"eb0f5e71-7ec0-5c4a-bbe2-4d576610ed85","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)][[Morphisec Snip3 May 2021](https://app.tidalcyber.com/references/abe44c50-8347-5c98-8b04-d41afbe59d4c)][[Cisco Operation Layover September 2021](https://app.tidalcyber.com/references/f19b4bd5-99f9-54c0-bffe-cc9c052aea12)][[Telefonica Snip3 December 2021](https://app.tidalcyber.com/references/f026dd44-1491-505b-8a8a-e4f28c6cd6a7)]","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[jstnk9.github.io June 01 2022](/references/4e7f573d-f8cc-4538-9f8d-b945f037e46f)]","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"465d24ec-f2ce-4c3d-99ec-a547195eed03","tag":"9eaf6107-4d57-4bc7-b6d2-4541d5936672"},{"id":"be5156b9-ddf2-48c1-955f-52c8e9a39bc4","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8df9ed64-9ee9-41e2-8667-477c73dac4fc","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"302a830e-6b80-47de-b763-0b72a60ff809","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"2bd7155f-df55-4c71-beba-d04ce2b9cd2c","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"4b842edc-7fa2-43f2-83f4-8713dd06d722","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9ec9c79e-abec-4ed8-9ffb-af04026127d2","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"02abf665-3e99-4364-9738-16503d63ad1e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"94fe3bc7-6332-4bfc-80e8-8db8c94a9189","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"3307678c-62ba-4b81-81f1-8598b4ed1c6c","tag":"d431939f-2dc0-410b-83f7-86c458125444"}],"owner_name":null},{"id":"af01dc7b-a2bc-4fda-bbfe-d2be889c2860","name":"at","type":"tool","source":"MITRE","software_attack_id":"S0110","tidal_id":"df6dd96b-c6c1-5ac3-ac44-a78d48d533e0","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d731100e-185c-488b-8861-cd5a71f11475","name":"at.exe","description":"","source":"MITRE",
"associated_software_id":"96ce505e-9144-473a-b197-0846ae712de8","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT40 March 2019](https://app.tidalcyber.com/references/8a44368f-3348-4817-aca7-81bfaca5ae6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"213aa71f-c9d7-4ae4-ba69-4c5bcac7ab19","tag":"5bc4c6c6-36df-4a53-920c-53e17d7027db"},{"id":"89cad735-6eb2-4bac-817f-00a5a9a549eb","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8ec65a58-c47c-4c47-9801-1be94691a18f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"2efae55c-86f3-4234-af26-1c75e922d81a","name":"Atbroker","type":"tool","source":"Tidal Cyber","software_attack_id":"S3194","tidal_id":"1b80f155-516a-5922-9e33-20734818e1da","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"501b5a8f-93c2-4627-8944-52d0b80d91ad","name":"Atbroker.exe","description":"[[Atbroker.exe - LOLBAS Project](/references/b0c21b56-6591-49c3-8e67-328ddb7b436d)]","source":"Tidal 
Cyber","associated_software_id":"15e08d84-1977-4cc5-a73a-bd1cadff4bf0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"de6e18a8-c8d7-43e0-8b2d-be5308f3ca33","tag":"85a29262-64bd-443c-9e08-3ee26aac859b"},{"id":"66463781-7340-4237-9b0b-dc0afc6564a3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d5d93d1f-8865-45e7-88cf-ec25361e7cd7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f8113a9f-a706-46df-8370-a9cef1c75f30","name":"Atera Agent","type":"tool","source":"Tidal Cyber","software_attack_id":"S3008","tidal_id":"b248e4c7-6d02-57c3-a987-b42d6e77ca8c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sophos X-Ops Tweet September 13 2023](/references/98af96a6-98bb-4d81-bb0c-a550e765e6ac)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]","group_attack_id":"G3010","group_id":"393da13e-016c-41a3-9d89-b33173adecbf","name":"Bl00dy Ransomware Gang","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET APT Activity Report Q4 2023-Q1 2024](/references/896cc899-b667-4f9d-ba90-8650fb978535)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c7a40242-28f8-4660-b865-b020af4ecbf7","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"13addcea-987d-442c-a82b-f3f2e45f4b9c","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"735ad8f6-cab7-4b74-8c62-211aa7e855e8","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"82884b4d-53e8-41ed-9a9e-e2c27c953524","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"8c78032b-cc8c-409a-986b-ae222a2f3e5d","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"e9bd8ae4-46e4-4e48-a9e7-afb61bf9922a","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"e076fccb-e5db-4467-831b-d3bd7d7acdfe","tag":"9a5ed991-6fe7-49fe-8536-91defc449b18"},{"id":"09d035b1-04b0-4f75-9d11-1871add6a75b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"66cfef5c-d946-4a6b-bd0c-0b70e33c3c60","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"86717996-8559-43eb-b752-7adfe32c6493","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"335fb7e7-0b92-448c-8640-f22183751173","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"3e1d82de-34eb-4542-9cf6-0c43f8b75cd2","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"240acdf2-716b-41f4-a4d3-1dc371df281a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"626c5b2c-899d-400c-bcc3-a5598bdda118","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"6609a013-1c90-454d-9d75-c2ea7250bbf7","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"d9e58e1c-f61f-41ad-bec0-7b0d16470cbe","tag":"992bdd33-4a47-495d-883a-58010a2f0efb"},{"id":"0dc7fbe0-61c0-4ab0-9df3-8b547aa59676","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"ce914eea-8db9-425b-8ae2-a56a264b4951","name":"Atomic Stealer","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3127","tidal_id":"356ed500-ee81-53f0-b7ff-717a8f47aa37","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"cb4b7705-372c-4cda-90d5-fa1e5665ef67","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"4626665b-29e3-463b-aa54-2c4e22eb732b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"538b2ae9-7209-4a3b-991f-f7ac459c8c48","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"89c35e9f-b435-4f58-9073-f24c1ee8754f","name":"Attor","type":"malware","source":"MITRE","software_attack_id":"S0438","tidal_id":"21053716-663c-51a4-b6be-0d1209328fea","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2e25bdd2-3659-5f01-84a9-9b43dc13c8b6","name":"attrib","type":"tool","source":"MITRE","software_attack_id":"S1176","tidal_id":"2e25bdd2-3659-5f01-84a9-9b43dc13c8b6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0504ba3e-6c56-569e-b584-54fcccbbf336","name":"attrib.exe","description":"","source":"MITRE","associated_software_id":"5c32f86f-5ec6-417d-ac99-67bd67f7acd5","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"09d1e32b-548f-482f-919b-5bd3f8648b67","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"d0c25f14-5eb3-40c1-a890-2ab1349dff53","name":"AuditCred","type":"malware","source":"MITRE","software_attack_id":"S0347","tidal_id":"f690201a-5428-5c10-8a29-21d26e85418d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"259e2844-8b29-4310-abbb-44e3985586a0","name":"Roptimizer","description":"[[TrendMicro Lazarus Nov 
2018](https://app.tidalcyber.com/references/4c697316-c13a-4243-be18-c0e059e4168c)]","source":"MITRE","associated_software_id":"cf4b3cc1-c60a-43ac-8599-fce5dbade473","owner_id":null,"owner_name":null}],"groups":[{"description":"[[TrendMicro Lazarus Nov 2018](https://app.tidalcyber.com/references/4c697316-c13a-4243-be18-c0e059e4168c)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"37264647-7582-415f-9b55-0919a1ce9a2a","name":"AuKill","type":"malware","source":"Tidal Cyber","software_attack_id":"S3459","tidal_id":"27c7b503-10d5-5bc3-b2eb-5187ae99ea84","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1e38576b-a146-4606-8dff-126806a46daf","name":"AvNeutralizer","description":"[[The Hacker News April 2 2025](/references/22857eb3-b5f7-4677-bf5c-bc993f483450)]","source":"Tidal Cyber","associated_software_id":"15c33bfb-8f93-4e10-9878-6571cdff58c1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[The Hacker News April 2 2025](/references/22857eb3-b5f7-4677-bf5c-bc993f483450)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]","group_attack_id":"G3015","group_id":"55b20209-c04a-47ab-805d-ace83522ef6a","name":"MedusaLocker Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & 
Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"76912d0d-07e0-4012-9233-e2560fa430bb","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"8f987bc8-c605-4701-80a6-70e8ac86c874","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"d6fc908e-9020-4e81-9c9e-9e0a5f2456ec","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"50cd15e6-f849-4e15-b3d2-9784ed92b7e3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3f927596-5219-49eb-bd0d-57068b0e04ed","name":"AutoIt backdoor","type":"malware","source":"MITRE","software_attack_id":"S0129","tidal_id":"7e8cb223-d7de-5a3b-a250-fd76854efa6c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Forcepoint Monsoon](https://app.tidalcyber.com/references/ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e)]","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Elfin Mar 
2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ecb06369-f049-47a8-a408-4ac27f1bc2c7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"984249bd-6421-4133-bd2a-25f330b4b441","name":"Automim","type":"tool","source":"Tidal Cyber","software_attack_id":"S3117","tidal_id":"1d808e8e-527f-5cbe-90d7-9fabf0953dec","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Talos Phobos November 17 2023](/references/c049d198-efd0-40e2-a675-cf099b8211b3)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2d8e773b-d2c2-4d9d-85a3-3427eac62eac","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"5e31e927-c537-4111-9d36-89c555f026a5","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"a5e1e5fa-dad2-4714-8082-faf8bf5415c1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"ba725640-ec01-4f5c-95d3-207cdb08519a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"0835a5d6-555b-4e3d-9319-612c18d6c1bc","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":"TidalCyberIan"},{"id":"649a4cfc-c0d0-412d-a28c-1bd4ed604ea8","name":"AuTo 
Stealer","type":"malware","source":"MITRE","software_attack_id":"S1029","tidal_id":"bbff90e9-290f-506b-bfcb-3f7500077047","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G1008","group_id":"31bc763e-623f-4870-9780-86e43d732594","name":"SideCopy","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8e50454c-b2de-45eb-a262-95656594bf0b","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"bad92974-35f6-4183-8024-b629140c6ee6","name":"Avaddon","type":"malware","source":"MITRE","software_attack_id":"S0640","tidal_id":"23be68c2-00aa-543d-bc6c-78206e135807","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"a725f506-19a3-4105-acc0-c21b25bd0c39","tag":"8c65cb23-442d-4855-9d80-e0ac27bcfc48"},{"id":"b30ea359-ed82-45bd-826f-c6713b9eea74","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"f17d2b08-f738-491d-856a-5c11d952896f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"83268021-8e45-49b9-a4ad-9c211259acd6","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"e5ca0192-e905-46a1-abef-ce1119c1f967","name":"Avenger","type":"malware","source":"MITRE","software_attack_id":"S0473","tidal_id":"f597e854-73da-54e9-a334-d7854a62f0dd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro Tick November 2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE 
BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"68f78ac3-54e3-4a11-9438-9e46980e2a8a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"e792dc8d-b0f4-5916-8850-a61ff53125d0","name":"AvosLocker","type":"malware","source":"MITRE","software_attack_id":"S1053","tidal_id":"1305ad62-9646-5860-bed1-e045828fa8ad","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"aa6c7536-63d7-4ee2-bdc3-c31b4b940276","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"067e53e3-8c66-43f0-b830-dab83df89976","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"cace509e-2729-4ae0-8da4-78ebdaef709b","tag":"c3779a84-8132-4c62-be2f-9312ad41c273"},{"id":"f5a97f95-4ccf-42bc-8ed7-7305fc590370","tag":"ce9f1048-09c1-49b0-a109-dd604afbf3cd"},{"id":"73c82c9f-8f95-4ea0-a031-53ac0284a175","tag":"fe3eb26d-6daa-4f82-b0dd-fc1e2fffbc2b"},{"id":"54fd8b77-8cd1-41e3-8fcc-ee54b7567897","tag":"9e4936f0-e3b7-4721-a638-58b2d093b2f2"},{"id":"f5be0234-4d0d-49ac-87bb-2ec09f592e5e","tag":"24448a05-2337-4bc9-a889-a83f2fd1f3ad"},{"id":"a031ca41-36e1-4da6-86b1-f1cb9bf46ac1","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"a7d1c58f-55d9-4012-89c7-7f97d241114f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"7c877b25-4eef-49be-b7cb-ae61a4d2bfdf","name":"awk","type":"tool","source":"Trellix TIG","software_attack_id":"S3462","tidal_id":"67eecaab-5f46-59f5-a69c-7de2aa2c8162","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"8931f23b-506a-4234-948d-d020160520b4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"aab3287b-932a-4208-af5e-d10abffb188b","name":"AzCopy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3187","tidal_id":"0fb6175b-99bb-5622-b686-7f6dfcea44cc","platforms":[{"id":"bb3fda2a-b438-4d2a-856e-97f74ed72756","name":"Azure AD"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[modePUSH Azure Storage Explorer September 14 2024](/references/a4c50b03-f0d7-4d29-a9de-e550be61390c)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[modePUSH Azure Storage Explorer September 14 2024](/references/a4c50b03-f0d7-4d29-a9de-e550be61390c)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"15b7cc2a-bea1-4357-b416-6f54591d8012","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"79f49d8e-15d0-48fa-894b-df20ff0f079f","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"d5b4950c-b1b8-41cb-8571-723481cea2eb","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"cc57e417-b34b-4827-b275-72585473dc73","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"fe25e8b3-a571-4185-8987-c89c23fc9ec9","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"27f28e6d-6028-415d-87e0-982afcbed3a4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"1a4812ac-55bd-4977-8de9-7a258d0acbf3","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"636f1d4c-bd7b-4724-a9ac-41ac02b64323","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"cc68a7f0-c955-465f-bee0-2dacbb179078","name":"Azorult","type":"malware","source":"MITRE","software_attack_id":"S0344","tidal_id":"43f57dd5-a3e6-5b53-9531-70641498b18c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"be4cfe41-5255-4aa0-9e5e-0a6f03bc3014","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"97077575-6486-48ba-94f5-dfdc71069c3a","name":"AzureHound","type":"tool","source":"Tidal Cyber","software_attack_id":"S3490","tidal_id":"f8a5c036-ceaf-5248-b065-17f2369e3362","platforms":[{"id":"bb3fda2a-b438-4d2a-856e-97f74ed72756","name":"Azure 
AD"},{"id":"6724c79a-34f2-51ed-8644-a6c106ccadd2","name":"Azure"},{"id":"43852676-3efd-4800-856b-4d74903d26ba","name":"IaaS"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog May 27 2025](/references/e7ea6602-f448-46f2-9ce8-9afbc226807d)]","group_attack_id":"G3104","group_id":"42219d16-7ed7-4716-b88f-b29a456f0f8d","name":"Void Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f82506d6-f9f9-40c4-9f1c-8a00802413a7","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"8bdd3122-8da4-41c8-836d-b6d674425321","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"0ddc8f26-00aa-47e9-a245-7be8da8ad3ea","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"b9807b70-7fbc-40c1-8fa0-b7c7ee7c5e7e","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"e9a46f9e-9b62-4d2d-bba7-bafb4cf5b95e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"04cd4dd8-7182-4064-85a1-12d0b6fd3009","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1674b306-aa70-44f5-b373-24bb5fc51cfa","name":"Azure Storage Explorer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3186","tidal_id":"f445c6d4-342c-597e-8264-c3657097dfa4","platforms":[{"id":"bb3fda2a-b438-4d2a-856e-97f74ed72756","name":"Azure AD"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[modePUSH Azure Storage Explorer September 14 2024](/references/a4c50b03-f0d7-4d29-a9de-e550be61390c)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[modePUSH Azure Storage Explorer September 14 
2024](/references/a4c50b03-f0d7-4d29-a9de-e550be61390c)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"08bcabc4-ae21-4793-b28b-b3d50a5c93d0","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"fb484f44-deef-4825-b10e-a86c2fdcbccf","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"62736273-d986-4016-88d6-e033e542a162","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"e558e5ef-7681-4de9-9c91-f5a94dce12b4","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0cc01ff5-02f7-4f38-9c2b-3c177a97c7c5","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"608bb0c1-d466-467f-9dd2-d7e7014e9c17","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"73922105-240d-4c33-859a-256208dfa2cd","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"6505a1e4-b4fc-4d0b-90e1-152e4698925f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"0dc07eb9-66df-4116-b1bc-7020ca6395a1","name":"Babuk","type":"malware","source":"MITRE","software_attack_id":"S0638","tidal_id":"e650c78f-c5eb-5743-b892-b086c16b6385","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4112f232-14ce-4bc8-b340-4f1614ceef03","name":"Vasa Locker","description":"[[Sogeti CERT ESEC Babuk March 2021](https://app.tidalcyber.com/references/e85e3bd9-6ddc-4d0f-a16c-b525a75baa7e)][[McAfee Babuk February 
2021](https://app.tidalcyber.com/references/bb23ca19-78bb-4406-90a4-bf82bd467e04)]","source":"MITRE","associated_software_id":"30583664-1270-4dab-bff3-83f394740ca8","owner_id":null,"owner_name":null},{"id":"b3ed8082-31ae-4614-8562-07f5ae639e0d","name":"Babyk","description":"[[Sogeti CERT ESEC Babuk March 2021](https://app.tidalcyber.com/references/e85e3bd9-6ddc-4d0f-a16c-b525a75baa7e)][[McAfee Babuk February 2021](https://app.tidalcyber.com/references/bb23ca19-78bb-4406-90a4-bf82bd467e04)][[Trend Micro Ransomware February 2021](https://app.tidalcyber.com/references/64a86a3f-0160-4766-9ac1-7d287eb2c323)]","source":"MITRE","associated_software_id":"b9d20905-d9b0-41e8-8012-52cab3e626f1","owner_id":null,"owner_name":null}],"groups":[{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"9ef65d5d-3ca0-4839-b566-e9b184d15fcf","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"a1d2e34a-677a-493f-bc53-6c5a122cb131","tag":"64d3f7d8-30b7-4b03-bee2-a6029672216c"},{"id":"67a27dc1-40c6-472b-aef5-847c86d4f864","tag":"375983b3-6e87-4281-99e2-1561519dd17b"},{"id":"dd769d1b-c601-4780-8763-1c831288a83f","tag":"3ed2343c-a29c-42e2-8259-410381164c6a"},{"id":"353b5580-2aa2-49c6-9b3e-c92432e7fe89","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"c490bac1-6340-4139-b1ad-d7d817c3fe67","tag":"b5962a84-f1c7-4d0d-985c-86301db95129"},{"id":"194b0a92-860f-4bc7-b6e3-6b48f2c2d532","tag":"12124060-8392-49a3-b7b7-1dde3ebc8e67"},{"id":"f043b4f7-55ac-4349-87b4-87d8a300d371","tag":"915e7ac2-b266-45d7-945c-cb04327d6246"},{"id":"8556b11f-5851-41fd-9219-6b7f650ce2f6","tag":"d713747c-2d53-487e-9dac-259230f04460"},{"id":"86b7993a-7e82-4bde-9785-f67078e08a98","tag":"fde4c246-7d2d-4d53-938b-44651cf273f1"},{"id":"57cf024d-a6be-4231-9866-5aba002cb143","tag":"964c2590-4b52-48c6-afff-9a6d72e68908"},{"id":"76e27f4a-1287-424a-9
1a5-182556525450","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"b3ee469a-b165-4f40-a0ec-44da0e1f8c54","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"ebb824a2-abff-4bfd-87f0-d63cb02b62e6","name":"BabyShark","type":"malware","source":"MITRE","software_attack_id":"S0414","tidal_id":"33986001-4c71-5638-a9b3-e618ab162bb3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d7be4b6d-b0be-5a27-8305-e8b7dfeb9f93","name":"LATEOP","description":"[[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]","source":"MITRE","associated_software_id":"d8dbed83-9e23-4bb1-bd9e-2c8121a7f914","owner_id":null,"owner_name":null}],"groups":[{"description":"[[CISA AA20-301A Kimsuky](https://app.tidalcyber.com/references/685aa213-7902-46fb-b90a-64be5c851f73)][[Cybereason Kimsuky November 2020](https://app.tidalcyber.com/references/ecc2f5ad-b2a8-470b-b919-cb184d12d00f)][[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)][[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)][[Mandiant APT43 Full PDF Report](https://app.tidalcyber.com/references/b5414a09-0da6-5d8c-bcca-47df9a469ec0)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f4049d4c-e98c-4b74-8c5e-e1b0d1a669f6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"2763ad8c-cf4e-42eb-88db-a40ff8f96cf9","name":"BackConfig","type":"malware","source":"MITRE","software_attack_id":"S0475","tidal_id":"ec2af67b-6a9b-5fea-9f69-c02bae06d3af","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 BackConfig May 
2020](https://app.tidalcyber.com/references/f26629db-c641-4b6b-abbf-b55b9cc91cf1)]","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8e87e45b-f690-465d-b95b-c30a037ebde4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f7cc5974-767c-4cb4-acc7-36295a386ce5","name":"Backdoor.Oldrea","type":"malware","source":"MITRE","software_attack_id":"S0093","tidal_id":"5ef0f530-dd1a-5b34-b7a5-89830606e9c6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cefb8684-f2de-48a7-a76f-15823a6f5410","name":"Havex","description":"","source":"MITRE","associated_software_id":"044ca42d-c9cf-4f75-b119-1df3c80a3afd","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Symantec Dragonfly](https://app.tidalcyber.com/references/9514c5cd-2ed6-4dbf-aa9e-1c425e969226)][[Gigamon Berserk Bear October 2021](https://app.tidalcyber.com/references/06b6cbe3-8e35-4594-b36f-76b503c11520)]","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c7743d50-54ce-4642-ad71-34a909a737c5","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"}],"owner_name":null},{"id":"d0daaa00-68e1-4568-bb08-3f28bcd82c63","name":"BACKSPACE","type":"malware","source":"MITRE","software_attack_id":"S0031","tidal_id":"4f0c9849-76a5-57f9-8f21-4ba5af7023a9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a258d65f-c9ee-4074-9cfd-710dbb0d2c05","name":"Lecna","description":"","source":"MITRE","associated_software_id":"4f538bd5-3e2a-44f7-b58e-97219284df55","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye 
APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]","group_attack_id":"G0013","group_id":"be45ff95-6c74-4000-bc39-63044673d82f","name":"APT30","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"765055eb-1df0-43c5-b806-dcc3567ebcce","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5a9a7a54-21cb-4a5c-bef0-d37f8678bf46","name":"Backstab","type":"tool","source":"Tidal Cyber","software_attack_id":"S3028","tidal_id":"6861c43c-21fc-5f91-9e0e-d89ae2c516fc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"568a6c55-c0ca-404c-8f4c-1777b09625c9","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"febf1fd5-619e-4e35-969a-879ee537d934","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"78f5503b-9a27-46e2-909a-a3f96421df6c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"41504349-5861-4a20-83d5-dc9f550cfe9b","tag":"d469efcf-4feb-4149-9c0f-c4b7821960bd"},{"id":"bff63719-992c-4cde-b6bb-9508d8f72031","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"5def64f3-9391-4b53-921f-56b2e5c5a06a","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"c18f1943-9457-4332-8f32-2562b0a41202","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"cc900678-594f-4cf9-8c83-13b310ea64bf","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"96e82dc2-7749-40f3-b17d-f7fa1cf46682","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"39c0b607-af53-475c-bb00-5230b579bf2f","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"1bfada90-77b5-49fa-bcd3-4ded204554f4","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"6d99bac9-a7c3-4952-9a9a-c5f5128b75c6","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f3342adf-3ea2-4ce8-9b77-a275053d5689","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"2aaa88a1-028e-4623-9d1e-13bd3e679f5c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"c9fc9bb1-47a9-4107-b86d-c29ac8ebbab8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d7aa53a5-0912-4952-8f7f-55698e933c3b","name":"BADCALL","type":"malware","source":"MITRE","software_attack_id":"S0245","tidal_id":"189785c2-2f3d-5931-b396-d9d87f61e237","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[US-CERT BADCALL](https://app.tidalcyber.com/references/aeb4ff70-fa98-474c-8337-9e50d07ee378)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8c454294-81cb-45d0-b299-818994ad3e6f","name":"BADFLICK","type":"malware","source":"MITRE","software_attack_id":"S0642","tidal_id":"36b96038-5d45-5351-8342-a19df2ec724a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)][[Accenture MUDCARP March 2019](https://app.tidalcyber.com/references/811d433d-27a4-4411-8ec9-b3a173ba0033)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4f145202-0b56-4dc5-9807-6d6a1f0c3355","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"16481e0f-49d5-54c1-a1fe-16d9e7f8d08c","name":"BADHATCH","type":"malware","source":"MITRE","software_attack_id":"S1081","tidal_id":"c1e9f063-1a79-55d2-9764-17b9ee8cc08e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[BitDefender BADHATCH Mar 2021](https://app.tidalcyber.com/references/958cfc9a-901c-549d-96c2-956272b240e3)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"34c24d27-c779-42a4-9f61-3f0d3fea6fd4","name":"BADNEWS","type":"malware","source":"MITRE","software_attack_id":"S0128","tidal_id":"d48e4606-6608-5189-a23d-85f15715c2fe","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Forcepoint Monsoon](https://app.tidalcyber.com/references/ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e)][[TrendMicro Patchwork Dec 
2017](https://app.tidalcyber.com/references/15465b26-99e1-4956-8c81-cda3388169b8)]","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"10e76722-4b52-47f6-9276-70e95fecb26b","name":"BadPatch","type":"malware","source":"MITRE","software_attack_id":"S0337","tidal_id":"984cb53d-da37-5b8e-8ecd-c246aed3818b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"4b59bf81-d351-436e-aebc-f0111a892395","name":"BadPotato","type":"malware","source":"Tidal Cyber","software_attack_id":"S3070","tidal_id":"2458db54-9090-5be4-a9fc-60ee5803ac1c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"480ea3d0-6af3-4ec9-bfb8-4ea3fc801083","name":"BadPotato.exe","description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","source":"Tidal Cyber","associated_software_id":"c7f019bb-94bb-4243-a1bc-f4f8caae5a8d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Cisco Talos Blog September 10 2024](/references/c8ea888b-c87c-49eb-a1be-3a269292c414)]","group_attack_id":"G3075","group_id":"2ee8f401-679c-455e-bc19-511bacdbffff","name":"DragonRank","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f37d77ef-a4bb-4b5b-9a22-fd453b78ded2","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"76f02979-cefe-43fb-b33d-c79495e782d8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"1f5651f6-5b67-4b84-9b99-63ae5516c15e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f2332971-2cbc-4164-82f1-17c39ba4f366","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"7e4452c2-e0bd-4456-b8fa-b1fe8ba91487","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"b3ed9ca0-8f1c-40e5-8b33-9382e9f6a394","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4df38b7c-13c1-4fdc-9618-a07878e18198","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"b91306de-8227-4e30-9c6a-9335d0eac593","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a1d86d8f-fa48-43aa-9833-7355750e455c","name":"Bad Rabbit","type":"malware","source":"MITRE","software_attack_id":"S0606","tidal_id":"1ae06c0f-9393-55ee-9909-26bd310738c1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"98c81574-1f3f-49fa-8f03-b5462bb3fc5d","name":"Win32/Diskcoder.D","description":"","source":"MITRE","associated_software_id":"1679c995-7141-40ac-a327-b5afc8f275c8","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Secureworks IRON VIKING 
](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f846466d-eb9e-44e2-8dc0-6e95fe6fd6b9","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"392fcd19-4b9d-4712-83eb-e596981e5b3e","tag":"5a463cb3-451d-47f7-93e4-1886150697ce"},{"id":"85008426-03ac-4831-ae6a-6199b5318f85","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"5e40a780-d817-429e-94de-ec747d73928a","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"fca1416d-99fa-438f-8444-de781c48d0f1","name":"BadRentdrv2","type":"tool","source":"Trellix TIG","software_attack_id":"S3393","tidal_id":"6a72a680-039d-51cc-928a-014eb2506320","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"7e6aa39b-c504-4deb-aed6-b0e491e898d0","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"}],"owner_name":"TidalCyberIan"},{"id":"5c0f8c35-88ff-40a1-977a-af5ce534e932","name":"Bandook","type":"malware","source":"MITRE","software_attack_id":"S0234","tidal_id":"6f259cea-1891-5b99-8c72-3cd6a763ca88","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Lookout Dark Caracal Jan 2018](https://app.tidalcyber.com/references/c558f5db-a426-4041-b883-995ec56e7155)][[CheckPoint Bandook Nov 2020](https://app.tidalcyber.com/references/352652a9-86c9-42e1-8ee0-968180c6a51e)] ","group_attack_id":"G0070","group_id":"7ad94dbf-9909-42dd-8b62-a435481bdb14","name":"Dark 
Caracal","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"77ead4da-667d-46d5-8872-ae7edeb4cc35","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"24b8471d-698f-48cc-b47a-8fbbaf28b293","name":"Bankshot","type":"malware","source":"MITRE","software_attack_id":"S0239","tidal_id":"875189cb-89d2-5b50-9fac-7ee14d908cb1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d00a70a9-1cc3-4a56-8977-43071092e5bc","name":"Trojan Manuscript","description":"[[McAfee Bankshot](https://app.tidalcyber.com/references/c748dc6c-8c19-4a5c-840f-3d47955a6c78)]","source":"MITRE","associated_software_id":"0bcd5b61-4408-4a35-9b8f-310cd23a4ca2","owner_id":null,"owner_name":null}],"groups":[{"description":"[[McAfee Bankshot](https://app.tidalcyber.com/references/c748dc6c-8c19-4a5c-840f-3d47955a6c78)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f8eedd1c-d05e-428a-ae30-f2fc7dd372e0","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"19ba91f1-7dca-4696-968e-60aaf4c2adab","name":"Banshee Stealer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3416","tidal_id":"5e8ea87b-0d7b-5683-92a5-c6e09af68781","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"4ba66dd8-6f78-45ce-a4e9-bde874bb234e","name":"BANSHEE","description":"[[elastic.co August 15 2024](/references/9cfe5512-0fa8-48c3-8431-392aaa1a2baa)]","source":"Tidal 
Cyber","associated_software_id":"a565587b-e560-41c1-aa63-1724a7ec9600","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"05b62ada-896c-4461-a665-b76b6f1ff20e","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"f50b59b4-189b-40d6-a299-7b645ea47bb9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e9d28f12-26b3-4383-9f57-8699237ce2c8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cef3a09e-22ca-43dc-ad4a-95741a3b85ff","name":"Bash","type":"tool","source":"Tidal Cyber","software_attack_id":"S3195","tidal_id":"c57a04fd-da8c-5a4f-b07c-2178188cca7a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"233f9470-8e08-4b6a-830e-0a7c2e155a12","name":"Bash.exe","description":"[[Bash.exe - LOLBAS Project](/references/7d3efbc7-6abf-4f3f-aec8-686100bb90ad)]","source":"Tidal Cyber","associated_software_id":"fe0ff225-66b8-4629-86e3-9b4ce9bf6eb8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"73cda952-3be9-4150-934b-20751fe2414c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a17d2666-8411-4a47-9d94-04f2dac32a1b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"628037d4-962d-4f58-b32d-241d739bc62d","name":"Bat Armor","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3029","tidal_id":"10a9a2a0-cde8-5962-8476-a467defab95e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4885d268-5d73-49af-87fc-285350342444","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d19fb34f-4994-42a6-931b-93bbfd00d652","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"d6d28f90-886d-48f6-8b85-06406828a40c","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5d219448-796f-4643-ab6b-e19b8bd51e99","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"063ed741-0a53-424e-9dbb-513e48e2e593","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"40cd5145-c2f3-44e0-992e-f408309fb187","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"1664584b-cc77-46e7-acb7-25b33dc5dfa8","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"37cef83a-37b9-42e1-b646-58e775e8b6d6","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"38d4af52-5978-40d5-b9d7-b40ab29e14bd","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"b5efd78e-e3cf-4a43-b290-9040eb54c94d","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"9d88175a-d790-48f4-809b-7114df816a05","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b35d9817-6ead-4dbd-a2fa-4b8e217f8eac","name":"Bazar","type":"malware","source":"MITRE","software_attack_id":"S0534","tidal_id":"8669e8f7-586f-593c-bc65-7a69611e8ba9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cbebbbcc-31a5-4434-9f0a-4c88ae9a6044","name":"KEGTAP","description":"[[FireEye KEGTAP SINGLEMALT October 
2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)][[CrowdStrike Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)]","source":"MITRE","associated_software_id":"7de93c0d-efb9-481c-b1dc-ea5d786c47f9","owner_id":null,"owner_name":null},{"id":"471782a4-33da-4135-bf78-36c8edc02d02","name":"Team9","description":"[[Cybereason Bazar July 2020](https://app.tidalcyber.com/references/8819875a-5139-4dae-94c8-e7cc9f847580)][[NCC Group Team9 June 2020](https://app.tidalcyber.com/references/0ea8f87d-e19d-438d-b05b-30f2ccd0ea3b)]","source":"MITRE","associated_software_id":"480398ef-e3b0-4434-b409-bc6bae0a56ea","owner_id":null,"owner_name":null},{"id":"d61f77aa-cfba-5030-9f72-ffeecb125464","name":"Bazaloader","description":"[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","source":"MITRE","associated_software_id":"9157390e-2067-4016-af00-380d5cc39778","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Google EXOTIC LILY March 2022](https://app.tidalcyber.com/references/19d2cb48-bdb2-41fe-ba24-0769d7bd4d94)]","group_attack_id":"G1011","group_id":"396a4361-3e84-47bc-9544-58e287c05799","name":"EXOTIC LILY","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CrowdStrike Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)][[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard 
Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6337f8fe-abdd-4c9c-b43d-0462fe5cd11b","tag":"818c3d93-c010-44f4-82bc-b63b4bc6c3c2"},{"id":"92207af9-50cf-45a1-a88c-a63658696605","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"3daa5ae1-464e-4c0a-aa46-15264a2a0126","name":"BBK","type":"malware","source":"MITRE","software_attack_id":"S0470","tidal_id":"9ea3449f-83bd-5d84-9580-457980dcecae","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro Tick November 2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"479ebf83-5038-4d8c-90ce-79e27e1cd149","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"be4dab36-d499-4ac3-b204-5e309e3a5331","name":"BBSRAT","type":"malware","source":"MITRE","software_attack_id":"S0127","tidal_id":"0e173dbd-c40a-57cb-9bcc-c1ecdcfd62de","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"bda52550-88a0-48f0-874a-600efc1f61df","name":"BCDEdit","type":"tool","source":"Trellix TIG","software_attack_id":"S3414","tidal_id":"b2a6a0a0-ba06-5438-aed0-bb1359ca1c52","platforms":[],"associated_software":[{"id":"5a0dea63-962c-41ea-8ee6-db41579d976c","name":"BCDEdit.exe","description":"","source":"Trellix TIG","associated_software_id":"347c72c3-3950-4c61-9a3e-6dc73981f43d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters 
International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"17dde3c5-f5be-4459-afbb-b20f0e34d6a1","name":"Beast Ransomware (Linux/ESXi)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3519","tidal_id":"16131e68-192a-54bc-8d75-a1de7763dea4","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3119","group_id":"b3005b16-e25f-4f4c-b7d6-c125dea0ea60","name":"Beast Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"fd960f70-adba-4b78-90aa-f6434bed7b10","tag":"70dc52b0-f317-4134-8a42-71aea1443707"},{"id":"7b7ec57a-47a4-4718-b9d4-9eeaeae1b7a8","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"b1033c18-07ac-4885-916b-be3af4449c98","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"8aee2175-cf67-49b0-8d44-f68c188682a0","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"fb880708-d065-4a33-9ee0-2aa5ebc2c571","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"12019e58-c62b-4b74-9353-d3d24603a435","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6b8578db-1dad-4f9c-a214-493d6c2c860f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"903b84b6-84c9-44fb-9c97-15285c653493","name":"Beast Ransomware (Windows)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3518","tidal_id":"8168d61a-0be5-525d-88ce-6d0243bb7339","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3119","group_id":"b3005b16-e25f-4f4c-b7d6-c125dea0ea60","name":"Beast Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c6a187e0-4e40-4bff-b8e1-1edfca213c88","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"75913a93-c986-45a8-b353-b0e54ea1e153","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"e42726fc-5aa6-4d5f-a19c-8e867ec2fe56","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"c1f104c2-af2e-422d-b9de-0e1a812e1ee9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"25e55e8d-5723-4353-a94e-c4e8a776a9aa","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d1be401e-85cd-44ed-a9b9-7ad78380221b","name":"BeaverTail","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3471","tidal_id":"764d7e46-328b-54ee-bbb7-a0caf60b4aab","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 November 21 2023](/references/930228c3-a93b-4664-ab7d-65af212211fc)][[Silent Push Contagious Interview April 24 2025](/references/7062304e-91e9-45bf-84b4-c42bdad99e23)]","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d51034c1-e03b-4eac-a89f-4681d240a1ea","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"07b3cc95-769b-45ee-b7ec-b321d2b38f64","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"b99c5075-57f6-4138-be9c-316db2597db1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2ef9933e-1fc7-4f54-b2bd-e33dc7c924f8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e0841981-9310-4e48-be0f-3076c2207b8d","name":"BeeFlush","type":"malware","source":"Trellix TIG","software_attack_id":"S3460","tidal_id":"f322d770-f6de-57d4-8788-045a61f8784c","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"09032f68-c5f1-467f-baeb-25bf953a1131","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"a114a498-fcfd-4e0a-9d1e-e26750d71af8","name":"BendyBear","type":"malware","source":"MITRE","software_attack_id":"S0574","tidal_id":"9ef5206d-5836-5c76-8cf9-0342dd7b4481","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA BlackTech September 27 2023](/references/309bfb48-76d1-4ae9-9c6a-30b54658133c)]","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3c22f0a8-0a19-4189-9300-ea75efa3d442","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"35faf622-83f8-4e2d-810f-f3caa369c416","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"f63acc40-ffe6-47ce-a0c4-3f959d29c974","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"dcc334f9-2376-4225-b242-0be99c6c9059","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"99005f44-fb72-5c19-80c6-3b660daf9b11","name":"BFG Agonizer","type":"malware","source":"MITRE","software_attack_id":"S1136","tidal_id":"99005f44-fb72-5c19-80c6-3b660daf9b11","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[BFG Agonizer](https://app.tidalcyber.com/software/99005f44-fb72-5c19-80c6-3b660daf9b11) has been used by [Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) for wiping operations.[[Unit42 Agrius 
2023](https://app.tidalcyber.com/references/70fb43bd-f8e1-56a5-a0e9-884e85f16b10)]","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"fdffc1a9-3297-4118-b5e1-2f9b4b61b128","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"fe926654-0cff-4e8e-b192-2fa1eb8a9a67","name":"Bginfo","type":"tool","source":"Tidal Cyber","software_attack_id":"S3328","tidal_id":"3cbb5475-ee2e-5973-a173-3193399383a2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e85eca74-ca92-4480-8a4b-4a82efdbcd9c","name":"Bginfo.exe","description":"[[Bginfo.exe - LOLBAS Project](/references/ca1eaac2-7449-4a76-bec2-9dc5971fd808)]","source":"Tidal Cyber","associated_software_id":"0a62aa36-aeba-4d97-bddb-d24cdb7d6093","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e6c730fc-abf4-45c7-8611-878ab8c5ac7d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"96bdaa17-266b-4181-ae91-f5563f771a03","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a4fb341d-8010-433f-b8f1-a8781f961435","name":"BianLian Ransomware (Backdoor)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3010","tidal_id":"bbfbf3cc-ace2-52c9-b5d0-74cb81b83d3c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"47324d43-7729-4da1-a1b9-3063110ec36b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"50615366-ea12-4da3-a522-271f57c533e3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"06495340-b437-443d-82fa-91b07641d038","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"252f56c2-4c85-4a19-8451-371cb04c6ceb","name":"BianLian Ransomware (Encryptor)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3009","tidal_id":"3c310816-836e-55d3-8f28-5f3d7299b5e0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"74eddfbe-1ea0-4f41-a031-490ce7a682e1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0259f95b-8dd0-4c90-8bee-3539c371654e","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ea4a2573-89da-43ff-922a-a8a05a4759aa","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"73a3ff57-bbca-4e7a-9378-2dbe1fe392e4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a1b97007-cfdf-4979-b7e0-26f3c770f68f","name":"BigFix","type":"tool","source":"Tidal Cyber","software_attack_id":"S3451","tidal_id":"3c60ef82-534e-5ce2-8a30-4549074cab49","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0a6afee0-808e-4e65-9b09-ac8c1d484e0c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"ba5efd93-9ef8-4302-8107-a130779a1407","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"7bf09e66-1bb7-448c-9d2e-9c76a18db37b","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"815fcf10-184b-4485-ad5f-446126559293","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"125afae6-bd31-4157-8c7d-750fe61b342b","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"f2ca81e2-5cac-4e79-aa59-bd517e53a660","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3ad98097-2d10-4aa1-9594-7e74828a3643","name":"BISCUIT","type":"malware","source":"MITRE","software_attack_id":"S0017","tidal_id":"50c80f98-1f44-5601-8839-fffe7d506a8d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b898816e-610f-4c2f-9045-d9f28a54ee58","name":"Bisonal","type":"malware","source":"MITRE","software_attack_id":"S0268","tidal_id":"09f53c58-3aef-5de9-ae6f-0d9701d2b379","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky CactusPete Aug 2020](https://app.tidalcyber.com/references/1c393964-e717-45ad-8eb6-5df5555d3c70)][[Secureworks BRONZE HUNTLEY ](https://app.tidalcyber.com/references/9558ebc5-4de3-4b1d-b32c-a170adbc3451)][[Talos Bisonal Mar 
2020](https://app.tidalcyber.com/references/eaecccff-e0a0-4fa0-81e5-799b23c26b5a)] ","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b1b08251-ea95-42c5-a2de-72548f4bc3c2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e7dec940-8701-4c06-9865-5b11c61c046d","name":"BitPaymer","type":"malware","source":"MITRE","software_attack_id":"S0570","tidal_id":"723b9792-fbdc-594c-a344-ecf0db5791d0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"30685f08-6fdb-42f6-88df-abf40c6afdd5","name":"wp_encrypt","description":"[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)]","source":"MITRE","associated_software_id":"3591563f-70f1-4bbc-aef8-7aa686e0fd48","owner_id":null,"owner_name":null},{"id":"3e6794a0-c8bb-4163-990b-4bfad4a7d30b","name":"FriedEx","description":"[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)]","source":"MITRE","associated_software_id":"cf8ab2a9-cef3-450b-ba43-5611d3202347","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)][[Crowdstrike EvilCorp March 2021](https://app.tidalcyber.com/references/4b77d313-ef3c-4d2f-bfde-609fa59a8f55)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik 
Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9f152128-25af-4b3d-bf2f-cb7c84ffa65c","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"65ecebfa-bc3d-4532-8aa5-163e5e0d1be7","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"52a20d3d-1edd-4f17-87f0-b77c67d260b4","name":"BITSAdmin","type":"tool","source":"MITRE","software_attack_id":"S0190","tidal_id":"00799bb9-fc54-5533-ad38-66d04bef853b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"782fe1fa-34e1-46b2-9c5c-e25c2f1ffb63","name":"Bitsadmin.exe","description":"","source":"Tidal Cyber","associated_software_id":"0f4e83eb-bc61-485f-8e30-f28a051996fa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky Ferocious Kitten Jun 2021](https://app.tidalcyber.com/references/b8f8020d-3f5c-4b5e-8761-6ecdd63fcd50)]","group_attack_id":"G0137","group_id":"275ca7b0-3b21-4c3a-8b6f-57b6f0ffb6fb","name":"Ferocious Kitten","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) has used [BITSAdmin](https://app.tidalcyber.com/software/52a20d3d-1edd-4f17-87f0-b77c67d260b4) to retrieve files from remote locations to run on victim systems.[[Symantec Daggerfly 2023](https://app.tidalcyber.com/references/cb0a51f5-fe5b-5dd0-8f55-4e7536cb61a4)]","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye APT41 March 2020](https://app.tidalcyber.com/references/e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) has used [BITSAdmin](https://app.tidalcyber.com/software/52a20d3d-1edd-4f17-87f0-b77c67d260b4) to download payloads.[[Microsoft Storm-1811 2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)][[RedCanary June Insights 
2024](https://app.tidalcyber.com/references/0cef6940-843a-504c-832c-3a10d1b5f2f7)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro Tropic Trooper Mar 2018](https://app.tidalcyber.com/references/5d69d122-13bc-45c4-95ab-68283a21b699)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"516a6f4e-9bce-4bf0-8bc1-94109dd800b3","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"f441b73c-b2c2-49f2-a068-26293286e1cd","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"37567a0f-1b25-46e3-a105-c3d58f654beb","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"5047ba02-8fc3-4aa4-9a20-379ed8336a12","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"7a3af49b-13bc-4fb7-9a01-c5c5970e87a2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"2855cef9-57cc-4b28-9571-5d80bfad4722","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"fd92039e-f869-4d35-8ab6-f6fe3018a630","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"4f8f98da-386c-4fe4-9fb1-bfb41541433d","tag":"10d09438-9ea5-405d-9b3a-36d351b5a5d9"},{"id":"dff4cfc0-00b3-4c7d-b2d3-4c41e456a1ec","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"4e80b703-c562-4fc0-8fe6-0c49e3ce7e3b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"0d5b24ba-68dc-50fa-8268-3012180fe374","name":"Black Basta","type":"malware","source":"MITRE","software_attack_id":"S1070","tidal_id":"cd4b95a0-3579-5c7a-9670-f92692430425","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) is associated with the deployment of [Black Basta](https://app.tidalcyber.com/software/0d5b24ba-68dc-50fa-8268-3012180fe374) ransomware.[[Microsoft Storm-1811 2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)][[rapid7-email-bombing](https://app.tidalcyber.com/references/b57af46b-a26b-5fca-8509-406889261d41)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black 
Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"bf9b0a1f-eebe-4d24-9404-e96542a11726","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"e45b685e-d0f2-461f-b40f-e1063c2f2751","tag":"da5af5bf-d4f3-4bbb-9638-57ea2dc2c776"},{"id":"261d1a7c-53fe-45cf-9d1e-4372f9af4297","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"992088c4-4279-41eb-bfad-fe28454650d6","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"a50ff940-e177-4e07-986b-0911ea23bc90","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"5001be11-039c-41a1-a889-49d99867f0a8","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"335fb216-1868-4046-80ba-7a74e79604e3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"066fd981-a684-4693-8f75-039e798ec001","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"bfce287f-b9cc-4706-9df2-36bed471f9a8","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"0f406d6f-9fe7-4093-ab32-3c3fe09dd26f","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"b8189b83-2868-420b-ae59-cc217683c241","tag":"dea4388a-b1f2-4f2a-9df9-108631d0d078"},{"id":"6c0ea691-dfef-4307-94d7-ed2364991fb8","tag":"2743d495-7728-4a75-9e5f-b64854039792"},{"id":"62af03f4-33e4-4dbe-beff-50734f990c04","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"88f1b71d-b467-4b1f-aee0-084fe5415de9","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"547c8259-2390-5e04-a5aa-db37da5cfdc1","name":"B
lackByte 2.0 Ransomware","type":"malware","source":"MITRE","software_attack_id":"S1181","tidal_id":"547c8259-2390-5e04-a5aa-db37da5cfdc1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[BlackByte 2.0 Ransomware](https://app.tidalcyber.com/software/547c8259-2390-5e04-a5aa-db37da5cfdc1) is ransomware uniquely associated with [BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) operations and is a replacement for [BlackByte Ransomware](https://app.tidalcyber.com/software/a6a74c8f-320c-5102-ab17-9055bfb8359f).[[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"db0c55b9-4084-47e8-955f-f9a632e57226","tag":"21ecb1dc-84db-4d74-a634-331c24c48a6c"},{"id":"71f215db-54ce-450e-a416-04a08fbbbfa3","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"954f26ed-a57d-41ca-bd57-89966ab2f748","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"86d53e9e-dcc5-4ce1-9e94-d77096ff8e13","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"a6a74c8f-320c-5102-ab17-9055bfb8359f","name":"BlackByte Ransomware","type":"malware","source":"MITRE","software_attack_id":"S1180","tidal_id":"a6a74c8f-320c-5102-ab17-9055bfb8359f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[BlackByte Ransomware](https://app.tidalcyber.com/software/a6a74c8f-320c-5102-ab17-9055bfb8359f) is ransomware uniquely associated with [BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) operations prior to 2023.[[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)][[Trustwave BlackByte 
2021](https://app.tidalcyber.com/references/ab94e4f7-7976-5ef8-acf9-99beb6182fa9)]","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"1ba09718-82e0-4644-8584-cf7123ca88b4","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"e27608bc-3778-4015-9f43-04f282558db7","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"58d6ac84-4eca-441a-87fa-65c02d24bc77","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"691369e5-ef74-5ff9-bc20-34efeb4b6c5b","name":"BlackCat","type":"malware","source":"MITRE","software_attack_id":"S1068","tidal_id":"ced0bcd1-4859-5e7d-9cb9-e975bf4d0f83","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"542586e8-8af1-5926-a8af-3873ab660aa7","name":"ALPHV","description":"[[Microsoft BlackCat Jun 2022](https://app.tidalcyber.com/references/55be1ca7-fdb7-5d76-a9c8-5f44a0d00b0e)][[ACSC BlackCat Apr 2022](https://app.tidalcyber.com/references/3b85eaeb-6bf5-529b-80a4-439ceb6c5d6d)]","source":"MITRE","associated_software_id":"e7af71b4-73c3-405a-9521-d239aa60eb20","owner_id":null,"owner_name":null},{"id":"a06013db-96b2-55d3-b677-bcb3a0c2b178","name":"Noberus","description":"[[ACSC BlackCat Apr 2022](https://app.tidalcyber.com/references/3b85eaeb-6bf5-529b-80a4-439ceb6c5d6d)]","source":"MITRE","associated_software_id":"1db491da-16a4-4a9c-9b7c-c7e46f1a1dd0","owner_id":null,"owner_name":null}],"groups":[{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) has deployed 
[BlackCat](https://app.tidalcyber.com/software/691369e5-ef74-5ff9-bc20-34efeb4b6c5b) ransomware to victim environments for financial gain.[[CISA Scattered Spider Advisory November 2023](https://app.tidalcyber.com/references/deae8b2c-39dd-5252-b846-88e1cab099c2)][[MSTIC Octo Tempest Operations October 2023](https://app.tidalcyber.com/references/92716d7d-3ca5-5d7a-b719-946e94828f13)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"7d95eeff-4172-4709-90db-6ee526d0f246","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"0265e942-2d87-4c68-b49d-0ab06d6ec057","tag":"d5248609-d9ed-4aad-849a-aa0476f85dea"},{"id":"eac89c24-0e82-4798-b3ca-f00cf93002b2","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"e90904fe-3a7a-45ea-bcad-2300288d03c8","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"bed08429-13f2-41c7-8780-56ccfe2e038f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"54787da2-ac31-4519-8ddf-b5caf45e54b3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0879c50e-b9eb-45d3-9b6d-565a7b08ba97","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"e85e2fca-9347-4448-bfc1-342f29d5d6a1","name":"BLACKCOFFEE","type":"malware","source":"MITRE","software_attack_id":"S0069","tidal_id":"97221395-7869-5d47-98fa-94f49edf142c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT17](https://app.tidalcyber.com/references/a303f97a-72dd-4833-bac7-a421addc3242)]","group_attack_id":"G0025","group_id":"5f083251-f5dc-459a-abfc-47a1aa7f5094","name":"APT17","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye Periscope March 
2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"908216c7-3ad4-4e0c-9dd3-a7ed5d1c695f","name":"BlackEnergy","type":"malware","source":"MITRE","software_attack_id":"S0089","tidal_id":"c0b2d32d-d3c7-599c-b94a-54bb780979ed","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8e7fda99-b472-456c-a777-fe2163aa9a94","name":"Black Energy","description":"","source":"MITRE","associated_software_id":"2efd4571-2913-4ea3-95f8-b2e1aef4f953","owner_id":null,"owner_name":null}],"groups":[{"description":"[[iSIGHT Sandworm 2014](https://app.tidalcyber.com/references/63622990-5467-42b2-8f45-b675dfc4dc8f)][[F-Secure BlackEnergy 2014](https://app.tidalcyber.com/references/5f228fb5-d959-4c4a-bb8c-f9dc01d5af07)][[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)][[UK NCSC Olympic Attacks October 2020](https://app.tidalcyber.com/references/93053f1b-917c-4573-ba20-99fcaa16a2dd)][[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bc680b9d-e3ee-4f7e-9231-a0f78701e296","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"}],"owner_name":null},{"id":"e56896fb-8a47-4fc8-a0e4-2a8a324da66d","name":"BlackLock Ransomware","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3499","tidal_id":"2c7ed173-d474-5ae8-876d-76a0cd9686d0","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3109","group_id":"fea2db0e-e6a6-44f1-9b5a-2d00744c388b","name":"BlackLock Ransomware Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8a8834e4-24bd-4ef8-8673-137df892a32b","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"071586f2-450e-4363-b55d-a41b840bab35","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"0921b14f-093e-4e27-b4f4-00762ed8ff76","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"8b542eec-e05b-4360-9989-e50836cf7c64","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c9a2b695-f494-4054-9e29-da777493fe5a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4cd25fac-0b5d-44e2-8df1-2c7de06b4b39","name":"BlackLotus","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3084","tidal_id":"7857ab79-6c51-5dad-8b07-6fc16a7b52ce","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"8193cabe-23c6-435f-a456-8b2f6a3eab8e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"161494f1-b575-4f62-a207-cfba35a7800a","tag":"1a5a32ac-1db6-46b1-b72e-18bc3d776aed"},{"id":"837662ab-7d88-4bb2-a491-196d093bb34a","tag":"df78b317-ce5d-423c-ac42-1e328ab27ffd"},{"id":"4ed06bf8-59d3-4d77-8663-2e2307b6319c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"da348a51-d047-4144-9ba4-34d2ce964a11","name":"BlackMould","type":"malware","source":"MITRE","software_attack_id":"S0564","tidal_id":"042dc348-382a-5ad1-a6bc-297eb1924fb5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6e200813-4379-457b-9cce-2203bed4b072","name":"BlackSuit Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3139","tidal_id":"e632c8ef-8c19-564e-8fe6-eba42f1a37df","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"2e6f96bd-51b4-4335-a788-ab4044aa9225","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"8cf29b00-eb70-4d75-a936-263e37f2abea","tag":"2917207f-aa63-4c4a-b2d2-be7e16d1f25c"},{"id":"d5b36ede-06ff-434f-97ac-139a0691c0e9","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"3b0bf699-9177-4e0f-acff-6b2eb1f419fd","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d3529941-7644-4d5b-b1bb-9b4b31d99ebf","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9ec3f84c-ed7f-47fe-91f5-b18eec225bc7","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9aad8563-30fd-4c90-b1b5-8a2b16467539","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"22653e48-c21c-41ed-a795-dea628d5c3f2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1af8ea81-40df-4fba-8d63-1858b8b31217","name":"BLINDINGCAN","type":"malware","source":"MITRE","software_attack_id":"S0520","tidal_id":"8d35ee7a-c0e7-5e53-9395-0ccb7a671b30","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[US-CERT BLINDINGCAN Aug 2020](https://app.tidalcyber.com/references/0421788c-b807-4e19-897c-bfb4323feb16)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"72658763-8077-451e-8572-38858f8cacf3","name":"BloodHound","type":"tool","source":"MITRE","software_attack_id":"S0521","tidal_id":"52260547-92c5-56f5-ae58-b69217285093","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cycraft Chimera April 
2020](https://app.tidalcyber.com/references/a5a14a4e-2214-44ab-9067-75429409d744)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [BloodHound](https://app.tidalcyber.com/software/72658763-8077-451e-8572-38858f8cacf3) to profile Active Directory environments.[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. HHS Royal & BlackCat Alert](/references/d1d6b6fe-ef93-4417-844b-7cd8dc76934b)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 Vice Society December 6 2022](/references/6abf7387-0857-4938-b36e-1374a66d4ed8)]","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ESET T3 Threat Report 2021](https://app.tidalcyber.com/references/34a23b22-2d39-47cc-a1e9-47f7f490dcbd)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)][[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)][[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)][[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro Ransomware Spotlight Play July 
2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0f561a0b-10e9-4ad5-8179-7f7073e19ed6","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"aaec740e-f570-4542-bca8-ee5935ab0c50","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"9d9dfc74-e5fa-42ec-86fb-8262bb9c4700","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"f86cfd4a-648c-4751-8de2-90f2b6f734f7","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"b90f93cb-3461-42ec-bdc9-fe1b42ede88d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"c55acca9-0eac-4c38-aeb4-55da24f12170","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"f260c363-0964-45ce-ac7a-ab269be5e1d8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"43e07256-1480-47f8-8f25-3ee6a176a1d8","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"88c27e17-d914-4c35-8957-fbb109898530","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"1a2c060c-4f21-4da9-ac88-db93e947095f","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"de4b29fd-85e6-4a01-9519-11560130e524","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"05c2c3e6-4944-4df2-8eca-0f03d6bd3cb4","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"a4e14428-a4b2-4f94-9f39-cb15c3f7e568","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d8cc4f03-32e6-4009-977d-ac2fe935e2d3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"ee74abe8-2d01-489f-8d0f-8822ae8a3330","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"3aaaaf86-638b-4a65-be18-c6e6dcdcdb97","name":"BLUELIGHT","type":"malware","source":"MITRE","software_attack_id":"S0657","tidal_id":"e579c3dd-7876-5e09-8782-95670b160054","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Volexity InkySquid BLUELIGHT August 
2021](https://app.tidalcyber.com/references/7e394434-364f-4e50-9a96-3e75dacc9866)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"593d8e57-0b4c-49a9-8d98-bb8e699a036c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"01ba1659-7314-4754-857d-4f051550ce19","name":"Bobik","type":"malware","source":"Trellix TIG","software_attack_id":"S3388","tidal_id":"984ddb7b-985c-5659-9745-34717775ecf4","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3006","group_id":"7c1a627e-7ea8-4919-a590-7637f1c887f3","name":"NoName057(16)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"d2910708-4783-4ae5-8bfa-23e9cf541b5f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"7a6e5dae-4f6b-43e5-bf98-f20071e58072","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"e872eb3e-8965-4667-a6ac-ceee42366f21","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":"TidalCyberIan"},{"id":"00dff216-0c61-5d8a-9de4-bfdab70f60c2","name":"BOLDMOVE","type":"malware","source":"MITRE","software_attack_id":"S1184","tidal_id":"00dff216-0c61-5d8a-9de4-bfdab70f60c2","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"a84568de-748f-4393-85a9-841e6a9a895f","tag":"793f4441-3916-4b3d-a3fd-686a59dc3de2"},{"id":"5d10f845-a0af-4775-88c2-b01dbd020e27","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"3793db4b-f843-4cfd-89d2-ec28b62feda5","name":"Bonadan","type":"malware","source":"MITRE","software_attack_id":"S0486","tidal_id":"14c4cf37-f3a2-532f-9137-afa0ba40e479","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"d869021
8-5272-47d8-8189-35d3b518e66f","name":"BONDUPDATER","type":"malware","source":"MITRE","software_attack_id":"S0360","tidal_id":"b819ce89-f776-5472-8f01-35f992e0e3c9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)] [[Palo Alto OilRig Sep 2018](https://app.tidalcyber.com/references/2ec6eabe-92e2-454c-ba7b-b27fec5b428d)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6cb03958-0cec-4a27-953d-95510432e651","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9d393f6f-855e-4348-8a26-008174e3605a","name":"BoomBox","type":"malware","source":"MITRE","software_attack_id":"S0635","tidal_id":"33651c37-907a-5caa-8f9c-ac27766b092f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"88b2ab45-e334-4272-9b43-05a1c43354ae","tag":"15126457-d8bb-4799-9cee-b18e17ef9703"},{"id":"1cf453c2-209f-47e8-bdd4-cb19dd9deb42","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"74a73624-d53b-4c84-a14b-8ae964fd577c","name":"BOOSTWRITE","type":"malware","source":"MITRE","software_attack_id":"S0415","tidal_id":"879a9a8d-d0f1-55e1-972b-4e91480bbe3a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye FIN7 Oct 
2019](https://app.tidalcyber.com/references/df8886d1-fbd7-4c24-8ab1-6261923dee96)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7b0e4dbe-f7e2-4b6d-91d2-aa211509af6d","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"d47a4753-80f5-494e-aad7-d033aaff0d6d","name":"BOOTRASH","type":"malware","source":"MITRE","software_attack_id":"S0114","tidal_id":"993b1883-b696-5dfc-9ac9-ac21123a5361","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"d3e46011-3433-426c-83b3-61c2576d5f71","name":"BoxCaon","type":"malware","source":"MITRE","software_attack_id":"S0651","tidal_id":"11b70bd2-b988-56b7-8de7-10d55cf8bb6c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Checkpoint IndigoZebra July 2021](https://app.tidalcyber.com/references/cf4a8c8c-eab1-421f-b313-344aed03b42d)]","group_attack_id":"G0136","group_id":"988f5312-834e-48ea-93b7-e6e01ee0938d","name":"IndigoZebra","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"95ed72db-1196-4ed1-9aa9-1b9a90e3e7b2","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"1c75c6dc-7b74-5b15-ae9a-59f9cc98e662","name":"BPFDoor","type":"malware","source":"MITRE","software_attack_id":"S1161","tidal_id":"1c75c6dc-7b74-5b15-ae9a-59f9cc98e662","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"1c711ed0-7741-5ef3-a5ae-92fa75875418","name":"Backdoor.Solaris.BPFDOOR.ZAJE","description":"[[Harries JustForFun 
2022](https://app.tidalcyber.com/references/e7b7aee0-486e-5936-9b01-446dce22f917)]","source":"MITRE","associated_software_id":"80382e9b-9e78-48e8-b07a-854217324d30","owner_id":null,"owner_name":null},{"id":"9723b193-6272-520e-9a21-b547bdcf4a35","name":"Backdoor.Linux.BPFDOOR","description":"[[Merces BPFDOOR 2023](https://app.tidalcyber.com/references/bf4f5736-0506-5ecf-a73e-86ab18c2b71b)]","source":"MITRE","associated_software_id":"25e4f805-94ef-44eb-87eb-ac3e8a94bf4a","owner_id":null,"owner_name":null},{"id":"55aeae07-2453-50c4-b898-34040718209f","name":"JustForFun","description":"[[Harries JustForFun 2022](https://app.tidalcyber.com/references/e7b7aee0-486e-5936-9b01-446dce22f917)]","source":"MITRE","associated_software_id":"8eb67762-ea73-425f-add6-aeca03892dd8","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"2f09a3f9-f0c0-4b73-8088-7cb87fdd1c83","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"51b27e2c-c737-4006-a657-195ea1a1f4f0","name":"Brave Prince","type":"malware","source":"MITRE","software_attack_id":"S0252","tidal_id":"8e1f7ee7-0bf3-590c-bffc-f189b58c4570","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Talos Kimsuky Nov 2021](https://app.tidalcyber.com/references/17927f0e-297a-45ec-8e1c-8a33892205dc)][[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"7942783c-73a7-413c-94d1-8981029a1c51","name":"Briba","type":"malware","source":"MITRE","software_attack_id":"S0204","tidal_id":"1e50df30-4293-5fb7-9680-78ac81b24ae3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Elderwood Sept 
2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"032986ee-e041-4336-9a24-7d1858b28c39","name":"BrickStorm","type":"malware","source":"Trellix TIG","software_attack_id":"S3440","tidal_id":"f98f3e5e-d6da-592b-937f-bb5d7d6f7f94","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"bed3d7f6-24eb-4d66-83f7-3d0a165125e4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"23043b44-69a6-5cdf-8f60-5a68068680c7","name":"Brute Ratel C4","type":"tool","source":"MITRE","software_attack_id":"S1063","tidal_id":"934ee621-0971-51f6-b492-a77cf83eb3a9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dba68385-7251-5f62-a90d-391e1e47ee70","name":"BRc4","description":"[[Palo Alto Brute Ratel July 2022](https://app.tidalcyber.com/references/a9ab0444-386b-5baf-84e1-0e6df4a21296)]","source":"MITRE","associated_software_id":"afc6d47c-4375-47c6-bc69-ae0faf2df0bd","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Mandiant APT29 Phishing September 21 2023](/references/ad3fa9b5-2c2b-490e-bb46-0337020446f8)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Trend Micro Black Basta October 2022](/references/6e4a1565-4a30-5a6b-961c-226a6f1967ae)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta 
Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Recorded Future RedHotel August 7 2023](/references/b9f9662b-bcf6-4179-8dfb-e017e50cbd5c)]","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[EclecticIQ August 16 2024](/references/79e0a74f-799f-445e-a677-cc08e66f3113)]","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"ca68fbd6-67b0-45e8-94f1-3421bbf9aecb","tag":"599dd679-c6a6-42b6-8b7a-29d840db2028"},{"id":"cbfcf808-4c0d-43c7-ad74-0301f18bdee0","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"4016f306-2734-4231-9984-f84356a02846","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"c9e773de-0213-4b64-83fb-637060c8b5ed","name":"BS2005","type":"malware","source":"MITRE","software_attack_id":"S0014","tidal_id":"f420811a-29be-599d-b5b5-5a9c7c707d1d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2be4e3d2-e8c5-4406-8041-2c17bdb3a547","name":"BUBBLEWRAP","type":"malware","source":"MITRE","software_attack_id":"S0043","tidal_id":"3b1b6932-7bf5-5f04-bb78-a4bf733c6a96","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bc902752-8e2e-4037-9147-b3c6ff297539","name":"Backdoor.APT.FakeWinHTTPHelper","description":"","source":"MITRE","associated_software_id":"ad8fc8bb-3562-4a56-b132-be625b1dc208","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e07d08eb-40c7-4ac5-8d02-09477ddaa23b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c21d3e6c-0f6d-44a8-bdd5-5b3180a641c9","name":"build_downer","type":"malware","source":"MITRE","software_attack_id":"S0471","tidal_id":"c91fd69e-438a-5046-8763-3d54696bcb5c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro Tick November 
2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"89ce7930-290e-4f2c-9c05-fd6f63526de5","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"cc155181-fb34-4aaf-b083-b7b57b140b7a","name":"Bumblebee","type":"malware","source":"MITRE","software_attack_id":"S1039","tidal_id":"1f6b4d10-de1c-5752-8baa-7bfebc057bf3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Google EXOTIC LILY March 2022](https://app.tidalcyber.com/references/19d2cb48-bdb2-41fe-ba24-0769d7bd4d94)]","group_attack_id":"G1011","group_id":"396a4361-3e84-47bc-9544-58e287c05799","name":"EXOTIC LILY","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Latrodectus APR 2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]","group_attack_id":"G1038","group_id":"b47551ba-8036-5527-abba-fed787c854a5","name":"TA578","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"632b312f-0797-4894-85df-7456516a0c54","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"5c0cda95-63f1-4ee4-8edf-9fb667e94966","tag":"aa983c81-e54b-49b3-b0dd-53cf950825b8"},{"id":"cc9b6b50-aa05-4dfb-bc3c-9a18b91d512e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d8fc55e5-7d9f-4fa0-8451-8a86d387d90a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"e9873bf1-9619-4c62-b4cf-1009e83de186","name":"Bundlore","type":"malware","source":"MITRE","software_attack_id":"S0482","tidal_id":"7b28b2b7-af5f-5eaf-ab2f-ceae8ebc4190","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"2c496adc-9061-4675-83a6-e53a8a5e6088","name":"OSX.Bundlore","description":"[[MacKeeper Bundlore Apr 
2019](https://app.tidalcyber.com/references/4d631c9a-4fd5-43a4-8b78-4219bd371e87)]","source":"MITRE","associated_software_id":"2fc667d6-96ca-4414-95d7-3ce49383508a","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"4387694e-2e88-474f-8f95-1bcc21a59345","tag":"707e8a2b-e223-4d99-91c2-43de4b4459f6"},{"id":"f109d830-61b5-42f2-b77b-65428d5347f2","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"44ed9567-2cb6-590e-b332-154557fb93f9","name":"BUSHWALK","type":"malware","source":"MITRE","software_attack_id":"S1118","tidal_id":"5f6d1648-054a-5f0f-8cae-bcaf0bc0f6a6","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"a16a964f-27d7-4b12-97cc-d8ed851ecdc5","name":"BusyBox","type":"tool","source":"Trellix TIG","software_attack_id":"S3449","tidal_id":"fdc67fd7-cdac-558a-b1fb-f99fce95584a","platforms":[],"associated_software":[{"id":"770b52ae-29ad-434c-b378-b2f982064af9","name":"Busy Box","description":"","source":"Trellix TIG","associated_software_id":"9fa0edcb-4e5b-4529-be38-1667c24e6a0b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"7c03fb92-3cd8-4ce4-a1e0-75e47465e4bc","name":"Cachedump","type":"tool","source":"MITRE","software_attack_id":"S0119","tidal_id":"58ff897b-f7da-55de-ada2-d2bc1a1adc05","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ad51e7c6-7d3c-4c5d-a7e2-e50afb11a0ca","name":"CACTUS Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3107","tidal_id":"31de8745-8b68-5411-8266-c2d0ea44ed27","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"6199e94a-56d7-429a-a769-0e8acb1b08e2","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"5bcf3e67-68d7-464d-bcb3-dbafaca8ec6a","tag":"83a25621-55a6-4b0d-be67-4905b6d3a1c6"},{"id":"b0eb2451-48fe-4e74-bbab-fad10386d462","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7752d185-25ff-4e78-b0e7-2f102cc1bc9c","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"771be0df-6e43-444b-8d19-73815197b24f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"48e982bc-c8cb-4b29-8ad4-e3db14dc262d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"5023f3ba-97e6-4eca-a2f6-3d683bfd09a3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"62d0ddcd-790d-4d2d-9d94-276f54b40cf0","name":"CaddyWiper","type":"malware","source":"MITRE","software_attack_id":"S0693","tidal_id":"a1683b61-7e89-5f74-be50-5ab788ba9df3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"e34351f9-26ec-4ad2-a399-7a548e9b9791","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"c8a51b39-6906-4381-9bb4-4e9e612aa085","name":"Cadelspy","type":"malware","source":"MITRE","software_attack_id":"S0454","tidal_id":"07ff9b57-1368-5cde-b43e-bfca2eb4f587","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Chafer Dec 2015](https://app.tidalcyber.com/references/0a6166a3-5649-4117-97f4-7b8b5b559929)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"68a515e8-9fa6-44ea-8cba-ad8de759d742","name":"CALDERA","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3454","tidal_id":"b1c49d8e-22fa-5ebe-8722-b08a4306487a","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c249f955-a9d2-402e-bd86-f388d9c07192","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a2420f28-3a6c-4cd7-93fd-08eecf579881","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"525920c0-5c69-4d92-8666-619f91621365","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7f75e83f-abaa-4c50-9c54-47fea20692ee","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ad859a79-c183-44f6-a89a-f734710672a9","name":"CALENDAR","type":"malware","source":"MITRE","software_attack_id":"S0025","tidal_id":"bd4f2192-c675-5176-909d-367fce3d8d1f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6b5b408c-4f9d-4137-bfb1-830d12e9736c","name":"Calisto","type":"malware","source":"MITRE","software_attack_id":"S0274","tidal_id":"a1a691fa-6b4f-5694-9def-43f30a9f53a3","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"352ee271-89e6-4d3f-9c26-98dbab0e2986","name":"CallMe","type":"malware","source":"MITRE","software_attack_id":"S0077","tidal_id":"01fd8261-b32d-5157-886c-050edbd37410","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"[[Scarlet Mimic Jan 
2016](https://app.tidalcyber.com/references/f84a5b6d-3af1-45b1-ac55-69ceced8735f)]","group_attack_id":"G0029","group_id":"6c1bdc51-f633-4512-8b20-04a11c2d97f4","name":"Scarlet Mimic","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"790e931d-2571-496d-9f48-322774a7d482","name":"Cannon","type":"malware","source":"MITRE","software_attack_id":"S0351","tidal_id":"6c1fa47d-9a22-5228-8b40-635a3d442b03","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit42 Cannon Nov 2018](https://app.tidalcyber.com/references/8c634bbc-4878-4b27-aa18-5996ec968809)][[Unit42 Sofacy Dec 2018](https://app.tidalcyber.com/references/540c4c33-d4c2-4324-94cd-f57646666e32)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"4cb9294b-9e4c-41b9-b640-46213a01952d","name":"Carbanak","type":"malware","source":"MITRE","software_attack_id":"S0030","tidal_id":"9420323e-240c-5518-87b0-65caf50e7c3d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"be99b5bb-731e-4040-9912-985c893fab6b","name":"Anunak","description":"[[Fox-It Anunak Feb 2015](https://app.tidalcyber.com/references/d74a8d0b-887a-40b9-bd43-366764157990)] [[FireEye CARBANAK June 2017](https://app.tidalcyber.com/references/39105492-6044-460c-9dc9-3d4473ee862e)]","source":"MITRE","associated_software_id":"b0ac8d42-1536-4b96-b0d5-8052308d2177","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)][[FireEye FIN7 Aug 2018](https://app.tidalcyber.com/references/54e5f23a-5ca6-4feb-8046-db2fb71b400a)][[DOJ FIN7 Aug 2018](https://app.tidalcyber.com/references/6a588eff-2b79-41c3-9834-613a628a0355)][[IBM Ransomware Trends September 
2020](https://app.tidalcyber.com/references/eb767436-4a96-4e28-bd34-944842d7593e)][[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)][[FBI Flash FIN7 USB](https://app.tidalcyber.com/references/42dc957c-007b-4f90-88c6-1afd6d1032e8)][[Mandiant FIN7 Apr 2022](https://app.tidalcyber.com/references/be9919c0-ca52-593b-aea0-c5e9a262b570)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky Carbanak](https://app.tidalcyber.com/references/2f7e77db-fe39-4004-9945-3c8943708494)]","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"df9491fd-5e24-4548-8e21-1268dce59d1f","name":"Carberp","type":"malware","source":"MITRE","software_attack_id":"S0484","tidal_id":"86ea3d2c-62cb-5718-b948-cff45d8df7c4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"61f5d19c-1da2-43d1-ab20-51eacbca71f2","name":"Carbon","type":"malware","source":"MITRE","software_attack_id":"S0335","tidal_id":"b7caf4d8-98bb-5775-964b-7275f758edb7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Carbon Mar 2017](https://app.tidalcyber.com/references/5d2a3a81-e7b7-430d-b748-b773f89d3c77)][[Secureworks IRON HUNTER Profile](https://app.tidalcyber.com/references/af5cb7da-61e0-49dc-8132-c019ce5ea6d3)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"fa23acef-3034-43ee-9610-4fc322f0d80b","name":"Cardinal 
RAT","type":"malware","source":"MITRE","software_attack_id":"S0348","tidal_id":"c810a923-8577-5b46-a934-b1040f7e25a3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"6460db6b-a325-4aa5-825f-33cef1caba53","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"84bb4068-b441-435e-8535-02a458ffd50b","name":"CARROTBALL","type":"tool","source":"MITRE","software_attack_id":"S0465","tidal_id":"d307dd6d-8c9f-588d-92c3-2967cf99c0ac","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"751bb3f7-1937-490e-903d-6bc03e535835","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"aefa893d-fc6e-41a9-8794-2700049db9e5","name":"CARROTBAT","type":"malware","source":"MITRE","software_attack_id":"S0462","tidal_id":"26a1c0d8-821a-538f-9a4f-d9a49db90fbd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"69619134-9bd2-4aa4-a06e-23910a0d9983","name":"CASTLETAP","type":"malware","source":"Trellix TIG","software_attack_id":"S3400","tidal_id":"f27afe5b-5876-5825-8160-b265e8bbf01f","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"24b00bc1-7815-42ba-ab5b-37633ce77815","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"6f22f232-f96f-44df-a4ee-be510d5fe080","name":"cat","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3421","tidal_id":"334cad54-8aa2-5e60-b273-28f186ce8816","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"0b3a4d14-2dd2-492c-add6-24453939a9af","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"04deccb5-9850-45c3-a900-5d7039a94190","name":"Catchamas","type":"malware","source":"MITRE","software_attack_id":"S0261","tidal_id":"5d4d0c6a-cef6-536a-8e1e-99aafb57ae27","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Thrip June 2018](https://app.tidalcyber.com/references/482a6946-b663-4789-a31f-83fb2132118d)]","group_attack_id":"G0076","group_id":"a3b39b07-0bfa-4c69-9f01-acf7dc6033b4","name":"Thrip","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ee88afaa-88bc-4c20-906f-332866388549","name":"Caterpillar WebShell","type":"malware","source":"MITRE","software_attack_id":"S0572","tidal_id":"029abcc0-f288-54c0-9c17-3d96c894b805","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ClearSky Lebanese Cedar Jan 2021](https://app.tidalcyber.com/references/53944d48-caa9-4912-b42d-94a3789ed15b)][[CheckPoint Volatile Cedar March 2015](https://app.tidalcyber.com/references/a26344a2-63ca-422e-8cf9-0cf22a5bee72)]","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c0541811-a261-4d62-8a63-363abd93e3de","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"73ff6a0c-12fd-43d6-b2ea-2949a7f748b1","name":"CBROVER","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3172","tidal_id":"b108c34c-9058-59a5-ac88-53e73a445573","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5895e61a-119e-471d-be9a-282365b7f029","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"191279c6-9c73-4146-8406-ed8002487c17","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8babce25-4902-4ef9-98b9-9ee4ae971aec","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7664bfa5-8477-4903-9103-1144113fca36","name":"CC-Attack","type":"malware","source":"Tidal Cyber","software_attack_id":"S3085","tidal_id":"ce2b2f08-3aac-53c5-8862-68bf3a855330","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Flashpoint Glossary Killnet](/references/502cc03b-350b-4e2d-9436-364c43a0a203)]","group_attack_id":"G3022","group_id":"35fb7663-5c5d-43fe-a507-49612aa7960e","name":"Killnet","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"3aca5c62-0fc4-46af-829e-2cbc60a11c4e","tag":"62bde669-3020-4682-be68-36c83b2588a4"}],"owner_name":"TidalCyberIan"},{"id":"4eb0720c-7046-4ff1-adfd-ae603506e499","name":"CCBkdr","type":"malware","source":"MITRE","software_attack_id":"S0222","tidal_id":"15467150-06ce-5250-ae7b-10f771de8e00","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"753e294b-959a-4b18-a3be-631674b1280f","tag":"f2ae2283-f94d-4f8f-bbde-43f2bed66c55"}],"owner_name":null},{"id":"e00c2a0c-bbe5-4eff-b0ad-b2543456a317","name":"ccf32","type":"malware","source":"MITRE","software_attack_id":"S1043","tidal_id":"9a3ab6e6-17c9-57b6-9d9e-1810a6409e8e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"65ea5aeb-36c1-5ce1-a4ef-01167ab659ca","name":"cd00r","type":"malware","source":"MITRE","software_attack_id":"S1204","tidal_id":"65ea5aeb-36c1-5ce1-a4ef-01167ab659ca","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"ef2fc77a-db9d-468d-9ff4-7dfede718c35","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d9ea2696-7c47-44cd-8784-9aeef5e149ea","name":"Cdb","type":"tool","source":"Tidal Cyber","software_attack_id":"S3329","tidal_id":"e9bbfd12-d699-5225-81e8-e6ebab5a02c6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0b731b6d-60a7-4944-bf04-834591161b22","name":"Cdb.exe","description":"[[Cdb.exe - LOLBAS Project](/references/e61b035f-6247-47e3-918c-2892815dfddf)]","source":"Tidal 
Cyber","associated_software_id":"4e9c6329-2df3-4815-bf21-8f18de3046b0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"70373ef5-f513-4a68-abe8-e54c8aa4671e","tag":"4479b9e9-d912-451a-9ad5-08b3d922422d"},{"id":"7b4fe5b8-8ab5-47ce-8cab-9719eed99594","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ce87fee3-9dc3-4c52-ab48-0f908b8cefc7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"0dc7a5a5-c304-40bb-87d7-c0f77dd84b29","name":"CDumper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3158","tidal_id":"17603216-073c-5681-959a-10758a445596","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"01a1b020-8380-43d5-a24b-0801bc1c2c9b","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"017e3e4b-a5a2-4d81-b682-ecb77dac2866","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ff5d669c-0f18-48da-8cfc-560036d55d17","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"34e1c197-ac43-4634-9a0d-9148c748f774","name":"CertOC","type":"tool","source":"Tidal Cyber","software_attack_id":"S3197","tidal_id":"6cb9645a-93d7-50f4-bffa-a1e1792325cf","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fbc3a6a8-5031-4aa5-8514-efbad5f87d4b","name":"CertOC.exe","description":"[[CertOC.exe - LOLBAS Project](/references/b906498e-2773-419b-8c6d-3e974925ac18)]","source":"Tidal 
Cyber","associated_software_id":"53a36e49-d37d-4572-9f4c-f738db27d9a5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"095cb0cb-035f-485a-b083-6348457141bd","tag":"fb909648-ee44-4871-abe6-82c909c4d677"},{"id":"a7861512-f357-4830-a074-ba41cf87ca49","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c7fb849e-41ef-46d7-8071-90479efd1eda","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"43050f80-ce28-49e3-aac6-cb3f4a07f4b4","name":"CertReq","type":"tool","source":"Tidal Cyber","software_attack_id":"S3198","tidal_id":"3352bb62-aabb-5b95-9239-97fe2bdb2418","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"179f9b33-8cc6-489f-9239-e16cb337b1a1","name":"CertReq.exe","description":"[[CertReq.exe - LOLBAS Project](/references/be446484-8ecc-486e-8940-658c147f6978)]","source":"Tidal Cyber","associated_software_id":"e15e8ff8-4ca9-4c89-9a3a-b89e41623204","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d2e25202-6362-45e3-b847-917c511c5bfb","tag":"35a798a2-eaab-48a3-9ee7-5538f36a4172"},{"id":"9b845a97-62eb-40a4-ae3d-edcae3bec3c2","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"50e7d948-7cd2-4ee8-9c45-55972f50b60f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2fe21578-ee31-4ee8-b6ab-b5f76f97d043","name":"certutil","type":"tool","source":"MITRE","software_attack_id":"S0160","tidal_id":"71bf3d57-4a1c-55ae-89b0-fc0a968c2a55","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dc2187c3-8ad1-4d87-9c76-2618db516ec0","name":"certutil.exe","description":"","source":"MITRE","associated_software_id":"9d959b69-ce56-418b-b074-90d83062ca28","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Kaspersky September 30 
2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec Waterbug Jun 2019](https://app.tidalcyber.com/references/ddd5c2c9-7126-4b89-b415-dc651a2ccc0e)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [certutil](https://app.tidalcyber.com/software/2fe21578-ee31-4ee8-b6ab-b5f76f97d043) during operations.[[Symantec Bilbug 2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit 42 Sofacy Feb 2018](https://app.tidalcyber.com/references/0bcc2d76-987c-4a9b-9e00-1400eec4e606)][[Cybersecurity Advisory GRU Brute Force Campaign July 2021](https://app.tidalcyber.com/references/e70f0742-5f3e-4701-a46b-4a58c0281537)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"[[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 March 2020](https://app.tidalcyber.com/references/e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)][[Symantec Crambus OCT 2023](https://app.tidalcyber.com/references/ecfdd6e1-caa0-5611-a1f5-d96873cf2222)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Malwarebytes Higaisa 2020](https://app.tidalcyber.com/references/6054e0ab-cf61-49ba-b7f5-58b304477451)][[PTSecurity Higaisa 2020](https://app.tidalcyber.com/references/cf8f3d9c-0d21-4587-a707-46848a15bd46)]","group_attack_id":"G0126","group_id":"f1477581-d485-403f-a95f-c56bf88c5d1e","name":"Higaisa","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rancor Unit42 June 2018](https://app.tidalcyber.com/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Accenture Hogfish April 2018](https://app.tidalcyber.com/references/c8e9fee1-9981-499f-a62f-ffe59f4bb1e7)][[FireEye APT10 Sept 2018](https://app.tidalcyber.com/references/5f122a27-2137-4016-a482-d04106187594)][[Symantec Cicada November 2020](https://app.tidalcyber.com/references/28a7bbd8-d664-4234-9311-2befe0238b5b)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Elephant Beetle Jan 
2022](https://app.tidalcyber.com/references/932897a6-0fa4-5be3-bf0b-20d6ddad238e)]","group_attack_id":"G1016","group_id":"570198e3-b59c-5772-b1ee-15d7ea14d48a","name":"FIN13","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8338d95e-0be1-4684-8029-d460818f4713","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"36483b6e-d1ef-4e27-8044-4ec38f2fc478","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9ecefaf6-d107-49cf-bbab-5eaf49421920","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"60f50378-a1d7-4904-b819-b9aad9d314ca","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"70f84d99-d26d-406a-8db3-7de422eab4f6","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"616b67a6-429c-47b2-94ef-cf7b925871c8","tag":"412da5b4-fb41-40fc-a29a-78dc9119aa75"},{"id":"9716b542-510f-4417-bd56-b51f2e1aa1a2","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"92f421a8-90ca-4d44-a7c1-174c52fc6258","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"1bac76c8-9107-4659-92f2-4554a66515e0","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"fd715b3a-e0d9-4c9c-b382-015137aa1526","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"4e86a5ed-cac4-407e-b3d6-1baf997486ce","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f736f909-a228-4090-a538-a4581dddc5cc","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"49d95f18-8461-4d38-af36-7eef03ae1aaf","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"d4267e8f-fece-44a7-b965-c1aca29efb7f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"0c8efcd0-bfdf-4771-8754-18aac836c359","name":"Chaes","type":"malware","source":"MITRE","software_attack_id":"S0631","tidal_id":"b33871ff-68c0-5428-89a5-0f35c3276980","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"48f84497-4ae6-47b9-a1cb-f469a256e35f","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"7a6105a0-11e7-4df5-a31d-ea39faf19136","name":"ChainLine",
"type":"malware","source":"Trellix TIG","software_attack_id":"S3473","tidal_id":"b0384aeb-16c9-5762-a6f9-37347d8ebd3b","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"b4924037-8896-461a-9546-23bb54731d1b","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"92c88765-6b12-42cd-b1d7-f6a65b2236e2","name":"Chaos","type":"malware","source":"MITRE","software_attack_id":"S0220","tidal_id":"21a442b9-30f5-5f79-8cf0-556c41418c31","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"d1a32e00-2ecf-4b9d-949b-b6fd73a22a92","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"a0269ebb-86a8-452c-b8b5-7b9e825e2fee","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"84c62907-40db-4db4-a29d-f70f1b1bd101","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"b1e3b56f-2e83-4cab-a1c1-16999009d056","name":"CharmPower","type":"malware","source":"MITRE","software_attack_id":"S0674","tidal_id":"93447577-c4a0-5b8f-9c05-1bb93ec10660","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Check Point APT35 CharmPower January 2022](https://app.tidalcyber.com/references/81dce660-93ea-42a4-902f-0c6021d30f59)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic 
Hound","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"00aed22d-bf92-4a65-bd37-5c7b5a1ccca6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"b349b8e5-8093-4380-9903-6933f97de778","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"3f2283ef-67c2-49a3-98ac-1aa9f0499361","name":"ChChes","type":"malware","source":"MITRE","software_attack_id":"S0144","tidal_id":"be24838b-9f23-58bd-98a6-dda49bc1e8c7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9ee89ef4-89b7-48c8-ba66-881269735924","name":"HAYMAKER","description":"Based on similarities in reported malware behavior and open source reporting, it is assessed that the malware named HAYMAKER by FireEye is likely the same as the malware ChChes. [[FireEye APT10 April 2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)] [[Twitter Nick Carr APT10](https://app.tidalcyber.com/references/0f133f2c-3b02-4b3b-a960-ef6a7862cf8f)]","source":"MITRE","associated_software_id":"c65b2f44-b691-46e9-90da-2014a929ab35","owner_id":null,"owner_name":null},{"id":"846bba3c-1b5c-4ee7-a31c-d58080beec72","name":"Scorpion","description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]","source":"MITRE","associated_software_id":"0b494f14-2546-4b8f-b688-9472f7e8dc7d","owner_id":null,"owner_name":null}],"groups":[{"description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ecf91914-6c5a-4f9f-834b-ab8f2de39c88","name":"chcon","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3442","tidal_id":"d476427d-7bae-5825-95b8-74b75f561628","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c8a0da8c-4edc-4f72-9760-4507262b6592","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"bb5cbc64-4f34-49e6-88c0-bf844777cbbe","name":"Checkmarks","type":"malware","source":"Tidal Cyber","software_attack_id":"S3461","tidal_id":"5a1d0bf5-63ff-5972-98d1-59be0424fb2c","platforms":[{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 365"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"}],"associated_software":[],"groups":[{"description":"[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"eaa63dc4-58e0-4787-ac7f-e35b86c57f94","tag":"3ed2343c-a29c-42e2-8259-410381164c6a"},{"id":"9c37032d-e852-4d7a-84e6-241959328611","tag":"375983b3-6e87-4281-99e2-1561519dd17b"},{"id":"d08be099-8674-4826-bd10-36f93c206b85","tag":"64d3f7d8-30b7-4b03-bee2-a6029672216c"},{"id":"3508fff7-6ff0-4de0-8c99-36b4ab1d2433","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"8bc055ae-c592-411a-b5cc-5dd8f91fbce7","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"05a322b8-5964-4337-a487-b615bc3f0efc","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fd677935-b9b4-4d5d-a0ae-2a160b37c1c1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6475bc8c-b95d-5cb3-92f0-aa7e2f18859a","name":"Cheerscrypt","type":"malware","source":"MITRE","software_attack_id":"S1096","tidal_id":"4b9b304b-9ea4-5366-9ae5-d1d9c81d58af","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Sygnia Emperor Dragonfly October 2022](https://app.tidalcyber.com/references/f9e40a71-c963-53de-9266-13f9f326c5bf)][[Trend Micro Cheerscrypt May 2022](https://app.tidalcyber.com/references/ca7ccf2c-37f3-522a-acfb-09daa16e23d8)]","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"40a76f53-b0c5-4247-b16b-46373b108ce9","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"}],"owner_name":null},{"id":"2fd6f564-918e-4ee7-920a-2b4be858d11a","name":"Cherry 
Picker","type":"malware","source":"MITRE","software_attack_id":"S0107","tidal_id":"3c1342b9-0c43-55b8-a7e4-86fcf0dc678b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"966f4b5c-e5f3-598e-9ac0-a5174c56827b","name":"CHIMNEYSWEEP","type":"malware","source":"MITRE","software_attack_id":"S1149","tidal_id":"966f4b5c-e5f3-598e-9ac0-a5174c56827b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"90613e4e-43c5-4ac5-aa73-f61df5c72049","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"723c5ab7-23ca-46f2-83bb-f1d1e550122c","name":"China Chopper","type":"malware","source":"MITRE","software_attack_id":"S0020","tidal_id":"37648f0c-8b20-50f8-b1eb-e8942f3acb45","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Volexity Exchange Marauder March 2021](https://app.tidalcyber.com/references/ef0626e9-281c-4770-b145-ffe36e18e369)][[FireEye Exchange Zero Days March 2021](https://app.tidalcyber.com/references/5e5452a4-c3f5-4802-bcb4-198612cc8282)][[Rapid7 HAFNIUM Mar 2021](https://app.tidalcyber.com/references/cf05d229-c2ba-54f2-a79d-4b7c9185c663)]","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA AA20-259A Iran-Based Actor September 2020](https://app.tidalcyber.com/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)][[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)][[Nccgroup 
Emissary Panda May 2018](https://app.tidalcyber.com/references/e279c308-fabc-47d3-bdeb-296266c80988)][[Unit42 Emissary Panda May 2019](https://app.tidalcyber.com/references/3a3ec86c-88da-40ab-8e5f-a7d5102c026b)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)][[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) used the `China Chopper` web shell as a persistence mechanism on compromised Microsoft Exchange servers.[[apt41_dcsocytec_dec2022](https://app.tidalcyber.com/references/fad90e96-93fd-59bd-970e-f0b37cac331d)][[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)][[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)][[Accenture MUDCARP March 2019](https://app.tidalcyber.com/references/811d433d-27a4-4411-8ec9-b3a173ba0033)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ESET BackdoorDiplomacy Jun 
2021](https://app.tidalcyber.com/references/127d4b10-8d61-4bdf-b5b9-7d86bbc065b6)]","group_attack_id":"G0135","group_id":"e5b0da2b-12bc-4113-9459-9c51329c9ae0","name":"BackdoorDiplomacy","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky ToddyCat June 2022](https://app.tidalcyber.com/references/285c038b-e5fc-57ef-9a98-d9e24c52e2cf)]","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3c3ceafb-0dbd-4451-b1c2-6423a94528f8","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0467c32c-ed91-4621-98b5-40d2d200e848","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"7c36563a-9143-4766-8aef-4e1787e18d8c","name":"Chinoxy","type":"malware","source":"MITRE","software_attack_id":"S1041","tidal_id":"9fe6cc2b-e8e8-5d2b-aca0-e77fb2c5ae36","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"bd2b2375-4f16-42b2-a862-959b5b41c2af","name":"Chisel","type":"tool","source":"Tidal Cyber","software_attack_id":"S3087","tidal_id":"89109672-aab8-50e5-91e2-8548ee03453f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA AA20-259A 
Iran-Based Actor September 2020](/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e9e85cc5-71d7-4ba0-a212-463ece05aba8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"0343a0b9-cb18-45a8-8312-3be07f95dcc1","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"2a556218-6034-4f35-8189-99b7408f1cec","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"5e457a83-a73d-43ae-ab35-e450b24ae477","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"0aec5371-5c35-47b7-8885-7ef8c00da659","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"67c9da16-3b83-4281-8300-ed6ac86db8fc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"606933fe-727c-4c86-b381-4b4d6bd1fd37","name":"chmod","type":"tool","source":"Trellix TIG","software_attack_id":"S3417","tidal_id":"a5656f54-6aaf-5da2-a628-b49e771cdb39","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"5a13032e-9153-437e-9c9e-36b1f11e03af","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7a2b00ef-8a37-4901-bf0c-17da0ebf3d69","name":"Chocolatey","type":"tool","source":"Tidal Cyber","software_attack_id":"S3030","tidal_id":"52783437-d826-5cb8-8989-29ffd26cf0c3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"65913b46-4c5f-40bb-9436-ac482e045915","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"1bea2839-e5a2-423e-ac07-14b87e74acce","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"851dfa9d-c2be-414b-a337-844839af82a1","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"fccc6f9c-3ada-41d1-9fd6-c4530be630d8","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"84be644e-71fc-4644-a9d5-7e7ebb08147f","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"80f90907-15c2-4ac2-a20b-ad4e575ece01","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"f831d290-7966-4e4f-b43e-da5bf436aec3","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"602023d7-f5b5-465e-bf6b-f428e3ce183e","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"eaa17213-80bd-4a94-9def-f9de6d5988fc","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"e624bd04-6cdd-4774-a69c-2fe1231672c0","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2af6ea37-5aaa-46e1-8551-d9b3deea45cb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"01c6c49a-f7c8-44cd-a377-4dfd358ffeba","name":"CHOPSTICK","type":"malware","source":"MITRE","software_attack_id":"S0023","tidal_id":"652371e1-f140-5ac3-914d-bf2dc48efa10","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f4762139-a9d6-4813-a6f8-168010eeec40","name":"X-Agent","description":"[[ESET Sednit Part 2](https://app.tidalcyber.com/references/aefb9eda-df5a-437f-af2a-ec1b6c04628b)] [[FireEye APT28 January 
2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]","source":"MITRE","associated_software_id":"fabf19bb-0fc7-451c-8c69-4b6c706b4e3f","owner_id":null,"owner_name":null},{"id":"5df20e72-bf08-4a95-b81b-a5ea73905b3e","name":"SPLM","description":"[[ESET Sednit Part 2](https://app.tidalcyber.com/references/aefb9eda-df5a-437f-af2a-ec1b6c04628b)] [[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]","source":"MITRE","associated_software_id":"14492dd1-4146-47ad-9ea0-5e6e934b625c","owner_id":null,"owner_name":null},{"id":"0e7b706f-c6c5-4ea2-8d35-581e9448f229","name":"Backdoor.SofacyX","description":"[[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]","source":"MITRE","associated_software_id":"cbdaa2bf-7ffb-4e48-9e8e-c06b42199d44","owner_id":null,"owner_name":null},{"id":"3f5b77e7-28ef-4e06-a2ba-d7188a5c4ab3","name":"Xagent","description":"[[ESET Sednit Part 2](https://app.tidalcyber.com/references/aefb9eda-df5a-437f-af2a-ec1b6c04628b)] [[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]","source":"MITRE","associated_software_id":"ceb44e2f-ffbb-4316-90a2-f011a3dcad57","owner_id":null,"owner_name":null},{"id":"4f9ad7bb-c277-4e1d-bf70-9711dbfa1334","name":"webhp","description":"[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]","source":"MITRE","associated_software_id":"472502d3-e94a-4045-a232-33733d6e30aa","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye APT28](https://app.tidalcyber.com/references/c423b2b2-25a3-4a8d-b89a-83ab07c0cd20)][[Kaspersky Sofacy](https://app.tidalcyber.com/references/46226f98-c762-48e3-9bcd-19ff14184bb5)][[Securelist Sofacy Feb 2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)][[Secureworks IRON TWILIGHT Active Measures March 
2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"24949e9f-0e6b-4726-83ee-4cbac2302a82","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"cdb9ae89-c9b8-4295-97d1-6a8f93f281ce","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1523b0d7-9c95-4f39-a23b-7ca347748dc6","name":"ChromeLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3386","tidal_id":"880e5d85-7952-574b-ae75-62f0621db24e","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"eae5642b-4ade-45c5-b088-1d0979a79861","name":"CS_installer","description":"[[VMware Chromeloader September 19 2022](/references/5c2985f1-2d80-488b-ab63-fbd56aba229b)]","source":"Tidal Cyber","associated_software_id":"67584385-7500-4134-9f7f-835e951da175","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"04e3bd5f-3de7-4c9d-a6bb-870f780e8b63","name":"AdSearch","description":"[[Red Canary TDR ChromeLoader](/references/bcfe9d10-11fe-4241-8262-bce07e8a11c1)]","source":"Tidal Cyber","associated_software_id":"39300828-6733-4cd3-b09b-0735e00d9985","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Red Canary March 18 2024](/references/a86131cd-1a42-4222-9d39-221dd6e054ba)]","group_attack_id":"G3055","group_id":"6d23e83f-fd4f-4802-bd01-daff7348741d","name":"Charcoal Stork","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"3b2ecc9d-816b-4414-8484-e7ae8f555368","tag":"9775efc2-e8ac-47de-bd2a-bb08202b48fd"},{"id":"1d7f877f-dd78-40aa-9494-b062a2b0495f","tag":"707e8a2b-e223-4d99-91c2-43de4b4459f6"},{"id":"1f4bb25a-d4ae-4ca6-9ecc-bcdc4e86fa1f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c7e6e1f7-3628-41bb-829c-ce83c2139cdc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1f91e89f-5e64-44c2-86e5-b10d3e134688","name":"Chrome Remote Desktop","type":"tool","source":"Tidal Cyber","software_attack_id":"S3507","tidal_id":"d0fe1226-1e3a-5a44-b73b-d7801be58e1e","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Palo Alto Unit 42 North Korean IT Workers 2024](/references/61819211-7260-53c1-833e-eac36f209b0c)]","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"23b7f44d-b3d2-4c0f-b314-afe5c831a21e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"0d2bb5e4-26d5-4f3b-ae36-55bbc4d27559","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"8f723287-9709-444d-9d33-59ee583b5728","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"487e15f6-0b92-44b9-84c0-0bcc5eef1a3d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b3063af3-f446-4bc8-ac3a-593283c4d25a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"df77ed2a-f135-4f00-9a5e-79b7a6a2ed14","name":"Chrommme","type":"malware","source":"MITRE","software_attack_id":"S0667","tidal_id":"cac9766b-fe46-53a2-91b9-dea7ead66acd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"21ce53f0-afbb-41e6-a215-2fe45c79cbde","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"a45b2ee6-43dd-47e8-9846-385a06c0c9ac","name":"Cicada3301","type":"malware","source":"Tidal Cyber","software_attack_id":"S3164","tidal_id":"0b63c0f9-d972-5843-a7fc-6bb2c7876eeb","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Truesec AB August 30 2024](/references/de2de0a9-17d2-41c2-838b-7850762b80ae)]","group_attack_id":"G3051","group_id":"7a28cff6-80df-49e1-8457-a0305e736897","name":"Cicada3301 Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"dac45060-c287-4729-a90a-626f77a13b72","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"f2fc74ea-ed6c-40fa-8b5a-2e8dd5252a48","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"fc1439b8-d4c5-4a98-b085-9ce596414df0","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"71e8e544-9285-48ea-8324-07eacf7d1e09","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"5195401a-13fd-4a58-8887-69668321a2f8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"539af1f6-68b0-4f18-ab64-5476b167cc7c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3e6c08f5-1454-4e7f-adec-bf10397795e7","name":"Cipher","type":"tool","source":"Tidal Cyber","software_attack_id":"S3475","tidal_id":"d8d4d6fe-1859-560f-b7b8-064194b7e97c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"425a0bab-585b-4f9f-adfd-22e819094d0b","name":"Cipher.exe","description":"[[Cipher.exe - LOLBAS Project](/references/3c8f87b6-655c-4e3b-ab0b-f626aac2afad)]","source":"Tidal Cyber","associated_software_id":"0c0eb8c0-c6c7-454c-a5b1-fc45ab5dc5d8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"aa49b178-b173-4e74-bc9b-90423c0f0b6a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c67fec05-d8cb-4b98-8a89-5d1819f18373","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3927db0c-407d-5f37-9acd-eb4dfa2c3381","name":"cipher.exe","type":"tool","source":"MITRE","software_attack_id":"S1205","tidal_id":"3927db0c-407d-5f37-9acd-eb4dfa2c3381","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Nearest Neighbor 
Volexity](https://app.tidalcyber.com/references/25b312ea-0d7a-5f05-9db1-14bbab909317)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8523bb23-4a0b-4405-ae24-3be1a2d37aa8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"4bac93bd-7e58-4ddb-a205-d99597b9e65e","name":"Clambling","type":"malware","source":"MITRE","software_attack_id":"S0660","tidal_id":"663fe403-a77f-5a93-9496-78903346cf34","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)][[Profero APT27 December 2020](https://app.tidalcyber.com/references/0290ea31-f817-471e-85ae-c3855c63f5c3)][[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"4bc36e22-6529-4a4a-a5d2-461f3925c5f3","name":"CL_Invocation","type":"tool","source":"Tidal Cyber","software_attack_id":"S3378","tidal_id":"3c110604-5ded-5e06-a522-7e688bfb60a0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"22caac14-075b-404d-a35c-d987cc9a62a1","name":"CL_Invocation.ps1","description":"[[CL_Invocation.ps1 - LOLBAS Project](/references/a53e093a-973c-491d-91e3-bc7804d87b8b)]","source":"Tidal 
Cyber","associated_software_id":"351a3856-6bc0-4712-923b-8e921785b95b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d624996a-d079-492c-a27a-f82b0b29f8fd","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"7eeeb427-9dd7-45c4-bd71-356323dc7090","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"cb950179-334d-4bd9-9cfb-87b09d279a3b","name":"CL_LoadAssembly","type":"tool","source":"Tidal Cyber","software_attack_id":"S3376","tidal_id":"e775afbd-dfe5-5589-9084-e27bd669c5ed","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a30c2c43-f823-466f-bfd4-45b2a58b2bec","name":"CL_LoadAssembly.ps1","description":"[[CL_LoadAssembly.ps1 - LOLBAS Project](/references/31a14027-1181-49b9-87bf-78a65a551312)]","source":"Tidal Cyber","associated_software_id":"9c4d1519-33eb-4280-aa2e-aca22b8e822c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0e2dda06-ba3a-4afa-a5cf-e8de06bbb7b6","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"262df396-976b-410f-90c8-90ae8271a9b4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3c63792a-1184-416e-aa9b-18da72e88327","name":"CL_Mutexverifiers","type":"tool","source":"Tidal Cyber","software_attack_id":"S3377","tidal_id":"03bec89b-2efe-5e68-8cb4-c2ef69c968d7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5c75fd56-0471-4dc0-9fb2-3dda8269e59d","name":"CL_Mutexverifiers.ps1","description":"[[CL_Mutexverifiers.ps1 - LOLBAS Project](/references/75b89502-21ed-4920-95cc-212eaf17f281)]","source":"Tidal 
Cyber","associated_software_id":"06c669e0-0111-45c3-868d-0b5fad1d1b42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"641208ed-750f-478c-bd0e-433bdf9d4b51","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6047cac0-6d51-4077-a752-002bb978cb6d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5321aa75-924c-47ae-b97a-b36f023abf2a","name":"Clop","type":"malware","source":"MITRE","software_attack_id":"S0611","tidal_id":"4348ff00-24cc-50a0-81f8-55ee5237d918","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Threat Intelligence Tweet May 18 2023](/references/b41e9f89-cd88-4483-bb86-9d88c555a648)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Threat Intelligence Tweet April 26 2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)]","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit42 Clop April 2021](https://app.tidalcyber.com/references/ce48d631-757c-480b-8572-b7d9f4d738c6)][[Cybereason Clop Dec 
2020](https://app.tidalcyber.com/references/f54d682d-100e-41bb-96be-6a79ea422066)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"a08ce9e6-4721-4189-9d6c-e4e07ec49ca2","tag":"0629ccb3-83b1-4aeb-a9cb-1585b6b21542"},{"id":"9f0077c4-09d8-4c91-add8-cacf32c1d991","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"7e8ea076-0f08-488d-ac7c-4719a3b366d9","tag":"b15c16f7-b8c7-4962-9acc-a98a39f87b69"},{"id":"d9465343-bbd6-4ba0-8bcf-5af3df608b49","tag":"b18b5401-d88d-4f28-8f50-a884a5e58349"},{"id":"ed617f04-89d9-477f-86fd-f46b70aed27e","tag":"ac862a66-a4ec-4285-9a21-b63576a5867d"},{"id":"df98940e-5f66-4bee-9c75-a149888eba49","tag":"5ab5f811-5c7e-4f77-ae90-59d3beb93346"},{"id":"4fee637d-2ef7-42fb-be54-67bc67803333","tag":"1b5da77a-bf84-4fba-a6d7-8b3b8f7699e0"},{"id":"9882021d-c1e8-4be5-8b82-18cd59a2f613","tag":"e401022a-36ac-486d-8503-dd531410a927"},{"id":"f1572322-a339-4cf6-9327-185d5bbbaa18","tag":"8a77c410-bed9-4376-87bf-5ac84fbc2c9d"},{"id":"6e3ef8d3-08f8-41dc-9dde-3639ca642ea0","tag":"ab64f2d8-8da3-48de-ac66-0fd91d634b22"},{"id":"bc1d9966-24fb-4484-a9b3-738f81d27f72","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"410494fa-6b24-4895-867a-550bf0f8d51f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"7a57e81b-2453-4aaf-94ad-c007bd7105a2","name":"CloudChat Infostealer","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3129","tidal_id":"9811ceeb-3c79-5530-890a-c3d1508bf047","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"6215f6df-ea18-41ac-8c26-0b7fcf0952d4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2465bee6-3118-4bcd-828f-f915acb6468c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b3dd424b-ee96-449c-aa52-abbc7d4dfb86","name":"CloudDuke","type":"malware","source":"MITRE","software_attack_id":"S0054","tidal_id":"937f1a3b-7cda-5660-a249-b78a08e2e412","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"941f9757-9100-4791-9a6e-77843e6d1e5d","name":"CloudLook","description":"","source":"MITRE","associated_software_id":"f714e1f8-1a16-46cc-981c-26729d500770","owner_id":null,"owner_name":null},{"id":"59d0f44a-2aad-42c3-97cc-4c92e8527f00","name":"MiniDionis","description":"","source":"MITRE","associated_software_id":"4f8334fd-987a-4d3a-b7cf-e5e1800eee90","owner_id":null,"owner_name":null}],"groups":[{"description":"[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bd7f518a-89e0-49a0-a02a-b153f44c15f3","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"b34e9f4e-4e08-4a11-9499-86ed40f93d94","name":"Cloudflared","type":"tool","source":"Tidal Cyber","software_attack_id":"S3450","tidal_id":"cf649fbc-7dd7-5734-a61d-0d811ff3ce57","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"36c89a2e-5bbb-4bc5-979d-46f4442e4844","name":"ArgoTunnel","description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","source":"Tidal Cyber","associated_software_id":"cf9771f1-4afb-4b7a-8fa5-45d13b34286e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5d944e93-e98d-4068-85a0-9a07756e0b82","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"0aa09241-f6f4-4e24-b1a6-348f5eb57208","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"7afbde0e-deae-4937-b952-e8d7605a4e8b","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f38ccc1c-1b9f-4c0c-8963-443a5908f7ea","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"e8c3f7c4-a377-4a39-a528-7b74d912ba67","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"98d89476-63ec-4baf-b2b3-86c52170f5d8","name":"cmd","type":"tool","source":"MITRE","software_attack_id":"S0106","tidal_id":"cccfdae8-f98a-5ff5-9bab-cd1115303658","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"94b63e82-16a8-4bc0-a239-2c28cabfa131","name":"cmd.exe","description":"","source":"MITRE","associated_software_id":"2757101d-84c7-4acc-be12-2f2a7b79bc2e","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)][[Microsoft 
GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye Know Your Enemy FIN8 Aug 2016](/references/0119687c-b46b-4b5f-a6d8-affa14258392)][[FireEye Obfuscation June 2017](/references/6d1089b7-0efe-4961-8abc-22a882895377)][[Bitdefender FIN8 July 2021](/references/aee3179e-1536-40ab-9965-1c10bdaa6dff)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET Nomadic Octopus 2018](/references/50dcb3f0-1461-453a-aab9-38c2e259173f)]","group_attack_id":"G0133","group_id":"5f8c6ee0-f302-403b-b712-f1e3df064c0c","name":"Nomadic Octopus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Dell Lateral Movement](https://app.tidalcyber.com/references/fcc9b52a-751f-4985-8c32-7aaf411706ad)]","group_attack_id":"G0026","group_id":"a0c31021-b281-4c41-9855-436768299fe7","name":"APT18","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[WeLiveSecurity Scarab August 22 2023](/references/7cbf97fe-1809-4089-b386-a8bfd083df39)]","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group Everest Ransomware July 13 
2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye Operation Double Tap](/references/4b9af128-98da-48b6-95c7-8d27979c2ab1)][[Symantec Buckeye](/references/dbf3ce3e-bcf2-4e47-ad42-839e51967395)]","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Talos Kimsuky Nov 2021](/references/17927f0e-297a-45ec-8e1c-8a33892205dc)][[KISA Operation Muzabi](/references/8742ac96-a316-4264-9d3d-265784483f1a)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye APT41 Aug 2019](/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)][[FireEye APT41 March 2020](/references/e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 Gorgon Group Aug 2018](/references/d0605185-3f8d-4846-a718-15572714e15b)]","group_attack_id":"G0078","group_id":"efb3b5ac-cd86-44a2-9de1-02e4612b8cc2","name":"Gorgon Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason Cobalt Kitty 2017](/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"[[Trend Micro Muddy Water March 2021](/references/16b4b834-2f44-4bac-b810-f92080c41f09)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Anomali MUSTANG PANDA October 2019](/references/70277fa4-60a8-475e-993a-c74241b76127)][[Avira Mustang Panda January 2020](/references/bc7755a0-5ee3-477b-b8d7-67174a59d0e2)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Talos Group123](/references/bf8b2bf0-cca3-437b-a640-715f9cc945f7)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Malwarebytes Higaisa 2020](/references/6054e0ab-cf61-49ba-b7f5-58b304477451)][[Zscaler Higaisa 2020](/references/26d7ee2c-d4f7-441a-9073-49c9049b017e)][[PTSecurity Higaisa 2020](/references/cf8f3d9c-0d21-4587-a707-46848a15bd46)]","group_attack_id":"G0126","group_id":"f1477581-d485-403f-a95f-c56bf88c5d1e","name":"Higaisa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike AQUATIC PANDA December 2021](/references/fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2)]","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET Turla PowerShell May 2019](/references/68c0f34b-691a-4847-8d49-f18b7f4e5188)][[Symantec Waterbug Jun 
2019](/references/ddd5c2c9-7126-4b89-b415-dc651a2ccc0e)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Trend Micro TA505 June 2019](/references/e664a0c7-154f-449e-904d-335be1b72b29)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Volexity SolarWinds](/references/355cecf8-ef3e-4a6e-a652-3bf26fe46d88)][[Microsoft Analyzing Solorigate Dec 2020](/references/8ad72d46-ba2c-426f-bb0d-eb47723c8e11)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cycraft Chimera April 2020](/references/a5a14a4e-2214-44ab-9067-75429409d744)][[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)][[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 TA551 Jan 2021](/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)]","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Palo Alto Unit 42 OutSteel SaintBot February 2022](/references/b0632490-76be-4018-982d-4b73b3d13881)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"[[Unit 42 Playbook Dec 2017](/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)][[Talos Seduploader Oct 2017](/references/2db77619-72df-461f-84bf-2d1c3499a5c0)][[Unit42 Cannon Nov 2018](/references/8c634bbc-4878-4b27-aa18-5996ec968809)][[Accenture SNAKEMACKEREL Nov 2018](/references/c38d021c-d84c-4aa7-b7a5-be47e18df1d8)][[TrendMicro Pawn Storm Dec 2020](/references/3bc249cd-f29a-4a74-a179-a6860e43683f)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA AA20-259A Iran-Based Actor September 2020](/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Novetta Blockbuster](/references/bde96b4f-5f98-4ce5-a507-4b05d192b6d7)][[Novetta Blockbuster Destructive Malware](/references/de278b77-52cb-4126-9341-5b32843ae9f1)][[McAfee Lazarus Resurfaces Feb 2018](/references/4e4cb57d-764a-4233-8fc6-d049a1caabe9)][[US-CERT SHARPKNOT June 2018](/references/b6bb568f-de15-4ace-8075-c08e7835fea2)][[Qualys LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)][[McAfee GhostSecret](/references/d1cd4f5b-253c-4833-8905-49fb58e7c016)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro EarthLusca 2022](/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Morphisec Cobalt Gang Oct 
2018](/references/0a0bdd4b-a680-4a38-967d-3ad92f04d619)][[Talos Cobalt Group July 2018](/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)][[PTSecurity Cobalt Group Aug 2017](/references/f4ce1b4d-4f01-4083-8bc6-931cbac9ac38)][[Group IB Cobalt Aug 2017](/references/2d9ef1de-2ee6-4500-a87d-b55f83e65900)][[Unit 42 Cobalt Gang Oct 2018](/references/8956f0e5-d07f-4063-bf60-f8b964d03e6d)][[TrendMicro Cobalt Group Nov 2017](/references/81847e06-fea0-4d90-8a9e-5bc99a2bf3f0)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[DFIR Ryuk in 5 Hours October 2020](/references/892150f4-769d-447d-b652-e5d85790ee37)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rancor Unit42 June 2018](/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[DFIR Report APT35 ProxyShell March 2022](/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[SecureWorks BRONZE UNION June 2017](/references/42adda47-f5d6-4d34-9b3d-3748a782f886)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"[[Symantec Shuckworm January 2022](/references/3abb9cfb-8927-4447-b904-6ed071787bef)]","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c3b2747c-c82c-429c-bba3-3c3d32986736","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"545ac552-5f97-4b34-b53f-c0b5ab533fbf","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"73519ac9-01fc-4cab-81af-64ac9957cfe7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"6505037b-41d8-482a-b36e-3c453798bf73","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e4e94746-c61a-4271-b2aa-7cd2a9f0fb48","tag":"a968c9f3-c190-488f-bacc-92e8f1ce295c"},{"id":"33049693-0852-4d89-9f71-a26b1daf3e43","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6c4406c8-c8d5-4bed-a8bf-233ddf4b7be9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"da252f67-2d4e-419f-b493-d4a1d024a01c","name":"Cmdkey","type":"tool","source":"Tidal Cyber","software_attack_id":"S3201","tidal_id":"8cce4829-39ab-5fea-906a-349e295a9ff2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f20ab947-efa4-42ce-84ee-5b7fc4bc3984","name":"Cmdkey.exe","description":"[[Cmdkey.exe - LOLBAS Project](/references/c9ca075a-8327-463d-96ec-adddf6f1a7bb)]","source":"Tidal 
Cyber","associated_software_id":"adcf033c-3514-40b4-81fc-d0534cd0d050","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Kaspersky Lyceum October 2021](/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a897a544-306c-4e4d-829e-35a462e1b55c","tag":"51006447-540b-4b9d-bdba-1cbff8038ae9"},{"id":"765b7c2f-ab35-4a4f-b79b-bdd7acdd6ed6","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"0a74da0f-7214-475e-a08e-ed72701d8c2f","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"112e7785-93f9-4896-8010-b5c29fc66480","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"fd52db5a-01ed-4dea-8ce6-99de3206d6dc","tag":"96bff827-e51f-47de-bde6-d2eec0f99767"},{"id":"aaa2416b-2563-49c2-aa74-d7a29f63a93f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6e9187b7-9f1b-45c9-8d6a-23b214e3aa5d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"44a523a8-9ed6-4f01-9a53-0e8ea1e15b51","name":"cmdl32","type":"tool","source":"Tidal Cyber","software_attack_id":"S3202","tidal_id":"c0a1166f-8a98-5020-b2eb-8a83edb518cc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"979b6530-dd16-4d7f-aaca-166b5996304b","name":"cmdl32.exe","description":"[[cmdl32.exe - LOLBAS Project](/references/2628e452-caa1-4058-a405-7c4657fa3245)]","source":"Tidal 
Cyber","associated_software_id":"ceb926c4-0b32-4073-bfd8-b7fc05cd1d62","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"34f732c2-e6d4-4711-8235-4ae7dd420b92","tag":"4c8f8830-0b2c-4c79-b1db-8659ede492f0"},{"id":"cd2a11ea-d1d1-4508-b580-8717a5a6766b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2a00d249-5a00-402f-a722-e5114f3c2783","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6f848e15-5234-4445-9a05-2949e4c57f0b","name":"Cmstp","type":"tool","source":"Tidal Cyber","software_attack_id":"S3203","tidal_id":"6ed59957-0b07-5336-b92c-99e3311585a7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7cc16603-ebbc-4cad-910b-5b94b16438a9","name":"Cmstp.exe","description":"[[Cmstp.exe - LOLBAS Project](/references/86c21dcd-464a-4870-8aae-25fcaccc889d)]","source":"Tidal Cyber","associated_software_id":"7daa8928-e3ff-4e2c-9a33-df39bec265e1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Talos Cobalt Group July 2018](/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)][[Morphisec Cobalt Gang Oct 2018](/references/0a0bdd4b-a680-4a38-967d-3ad92f04d619)][[Unit 42 Cobalt Gang Oct 2018](/references/8956f0e5-d07f-4063-bf60-f8b964d03e6d)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e0525875-160b-4557-875d-08f30572957f","tag":"65938118-2f00-48a1-856e-d1a75a08e3c6"},{"id":"d7fe21eb-ea02-4f31-be67-76dff7abc287","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"4ae4d1d0-6823-4edd-b783-66d4d5ca696c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"fbd3f71a-e123-5527-908c-9e7ea0d646e8","name":"COATHANGER","type":"malware","source":"MITRE","software_attack_id":"S1105","tidal_id":"42306077-12f8-590d-921b-0ea6b13f57c4","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9b6bcbba-3ab4-4a4c-a233-cd12254823f6","name":"Cobalt Strike","type":"malware","source":"MITRE","software_attack_id":"S0154","tidal_id":"534c3eee-3f0a-5db1-b05e-c1500861b449","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Crowdstrike EvilCorp March 2021](https://app.tidalcyber.com/references/4b77d313-ef3c-4d2f-bfde-609fa59a8f55)][[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)][[Mandiant_UNC2165](https://app.tidalcyber.com/references/92e39558-cd2c-54c4-8930-aafdd2f14bca)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA Royal AA23-061A March 
2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)][[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Crowdstrike MUSTANG PANDA June 2018](https://app.tidalcyber.com/references/35e72170-b1ec-49c9-aefe-a24fc4302fa6)][[Anomali MUSTANG PANDA October 2019](https://app.tidalcyber.com/references/70277fa4-60a8-475e-993a-c74241b76127)][[Secureworks BRONZE PRESIDENT December 2019](https://app.tidalcyber.com/references/019889e0-a2ce-476f-9a31-2fc394de2821)][[Recorded Future REDDELTA July 2020](https://app.tidalcyber.com/references/e2bc037e-d483-4670-8281-70e51b16effe)][[McAfee Dianxun March 2021](https://app.tidalcyber.com/references/a40a69d7-7abc-4829-9905-98c156a809fe)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Threat Intelligence Tweet April 26 2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)][[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Proofpoint Leviathan Oct 2017](https://app.tidalcyber.com/references/f8c2b67b-c097-4b48-8d95-266a45b7dd4d)][[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)][[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT Groups 
List](/references/c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97)]","group_attack_id":"G3020","group_id":"4173c301-0307-458d-89dd-2583e94247ec","name":"APT20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Talos Cobalt Group July 2018](https://app.tidalcyber.com/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)][[PTSecurity Cobalt Group Aug 2017](https://app.tidalcyber.com/references/f4ce1b4d-4f01-4083-8bc6-931cbac9ac38)][[Group IB Cobalt Aug 2017](https://app.tidalcyber.com/references/2d9ef1de-2ee6-4500-a87d-b55f83e65900)][[Proofpoint Cobalt June 2017](https://app.tidalcyber.com/references/c4922659-88b2-4311-9c9b-dc9b383d746a)] [[RiskIQ Cobalt Nov 2017](https://app.tidalcyber.com/references/ebf961c5-bd68-42f3-8fd3-000946c7ae9c)][[RiskIQ Cobalt Jan 2018](https://app.tidalcyber.com/references/7d48b679-d44d-466e-b12b-16f0f9858d15)][[Crowdstrike Global Threat Report Feb 2018](https://app.tidalcyber.com/references/6c1ace5b-66b2-4c56-9301-822aad2c3c16)][[TrendMicro Cobalt Group Nov 2017](https://app.tidalcyber.com/references/81847e06-fea0-4d90-8a9e-5bc99a2bf3f0)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)][[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)][[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)][[DFIR Ryuk 2 Hour Speed Run November 2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)][[DFIR Ryuk in 5 Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)][[Sophos New Ryuk Attack October 
2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)][[CrowdStrike Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)][[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye SUNBURST Backdoor December 2020](https://app.tidalcyber.com/references/d006ed03-a8af-4887-9356-3481d81d43e4)][[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)][[MSTIC NOBELIUM May 2021](https://app.tidalcyber.com/references/047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d)][[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)][[SentinelOne NobleBaron June 2021](https://app.tidalcyber.com/references/98cf2bb0-f36c-45af-8d47-bf26aca3bb09)][[ESET T3 Threat Report 2021](https://app.tidalcyber.com/references/34a23b22-2d39-47cc-a1e9-47f7f490dcbd)][[Secureworks IRON RITUAL Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)][[Secureworks IRON RITUAL USAID Phish May 2021](https://app.tidalcyber.com/references/0d42c329-5847-4970-9580-2318a566df4e)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA Royal AA23-061A March 
2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Proofpoint Ransomware Initial Access June 2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)]","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)][[Mandiant Sabbath Ransomware November 29 2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) has used [Cobalt Strike](https://app.tidalcyber.com/software/9b6bcbba-3ab4-4a4c-a233-cd12254823f6) as a post-exploitation tool.[[Picus BlackByte 2022](https://app.tidalcyber.com/references/de5a3cdd-2169-5d1c-b78a-e5fbdf55a71c)][[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]","group_attack_id":"G3010","group_id":"393da13e-016c-41a3-9d89-b33173adecbf","name":"Bl00dy Ransomware Gang","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G1020","group_id":"0898e7cb-118e-5eeb-b856-04e56ed18182","name":"Mustard Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 March 2020](https://app.tidalcyber.com/references/e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d)][[Group IB APT 41 June 2021](https://app.tidalcyber.com/references/a2bf43a0-c7da-4cb9-8f9a-b34fac92b625)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[crowdstrike.com December 19 2024](/references/cd7f7145-579d-4277-8ec9-c67e5ae00759)]","group_attack_id":"G3070","group_id":"f9f9358a-f708-4794-af35-784c532427cf","name":"LIMINAL PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Vice Society September 2022](/references/0a754513-5f20-44a0-8cea-c5d9519106c8)]","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye FIN6 Apr 2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) operations include the use of [Cobalt Strike](https://app.tidalcyber.com/software/9b6bcbba-3ab4-4a4c-a233-cd12254823f6).[[Microsoft Storm-1811 2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)][[rapid7-email-bombing](https://app.tidalcyber.com/references/b57af46b-a26b-5fca-8509-406889261d41)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)][[FBI Flash FIN7 USB](https://app.tidalcyber.com/references/42dc957c-007b-4f90-88c6-1afd6d1032e8)][[Mandiant FIN7 Apr 2022](https://app.tidalcyber.com/references/be9919c0-ca52-593b-aea0-c5e9a262b570)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Google TAG Ukraine IABs September 7 2022](/references/848da19d-b02d-4b78-b3c1-a72d5034fd45)]","group_attack_id":"G3077","group_id":"9d665cc1-8ecc-4064-8221-c74bd6ffd97a","name":"UAC-0098","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Sandworm 
Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) has used multiple publicly available tools during operations, such as Cobalt Strike.[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Volexity InkySquid BLUELIGHT August 2021](https://app.tidalcyber.com/references/7e394434-364f-4e50-9a96-3e75dacc9866)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CrowdStrike AQUATIC PANDA December 2021](https://app.tidalcyber.com/references/fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2)]","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 DarkHydrus July 2018](https://app.tidalcyber.com/references/800279cf-e6f8-4721-818f-46e35ec7892a)][[Unit 42 Playbook Dec 2017](https://app.tidalcyber.com/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)]","group_attack_id":"G0079","group_id":"f2b31240-0b4a-4fa4-82a4-6bb00e146e75","name":"DarkHydrus","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)][[Dell SecureWorks BRONZE STARLIGHT Profile](https://app.tidalcyber.com/references/d2e8cd95-fcd5-58e4-859a-c4724ec94ab4)]","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cycraft Chimera April 2020](https://app.tidalcyber.com/references/a5a14a4e-2214-44ab-9067-75429409d744)][[NCC Group Chimera January 2021](https://app.tidalcyber.com/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky ToddyCat Check Logs October 2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky LuminousMoth July 2021](https://app.tidalcyber.com/references/e21c6931-fba8-52b0-b6f0-1c8222881fbd)][[Bitdefender LuminousMoth July 2021](https://app.tidalcyber.com/references/6b1ce8bb-4e77-59f3-87ff-78f4a1a10ad3)]","group_attack_id":"G1014","group_id":"b10aa4c0-10a1-5e08-8d9d-82ce95d45e6a","name":"LuminousMoth","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ClearSky Wilted Tulip July 
2017](https://app.tidalcyber.com/references/50233005-8dc4-4e91-9477-df574271df40)]","group_attack_id":"G0052","group_id":"6a8f5eca-8ecc-4bff-9c5f-5380e044ed5b","name":"CopyKittens","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"[[BlackBerry BlackCat Threat Overview](/references/59f98ae1-c62d-460f-8d2a-9ae287b59953)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"[[FireEye APT32 May 2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)][[Volexity OceanLotus Nov 2017](https://app.tidalcyber.com/references/ed9f5545-377f-4a12-92e4-c0439cc5b037)][[Cybereason Oceanlotus May 2017](https://app.tidalcyber.com/references/1ef3025b-d4a9-49aa-b744-2dbea10a0abf)][[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)][[Volexity Ocean Lotus November 2020](https://app.tidalcyber.com/references/dbea2493-7e0a-47f0-88c1-5867f8bb1199)][[Amnesty Intl. Ocean Lotus February 2021](https://app.tidalcyber.com/references/a54a2f68-8406-43ab-8758-07edd49dfb83)][[Unit 42 KerrDown February 2019](https://app.tidalcyber.com/references/bff5dbfe-d080-46c1-82b7-272e03d2aa8c)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye 
APT19](https://app.tidalcyber.com/references/d75508b1-8b85-47c9-a087-bc64e8e4cb33)]","group_attack_id":"G0073","group_id":"713e2963-fbf4-406f-a8cf-6a4489d90439","name":"APT19","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"589f8477-8f59-4d47-8fc7-27c9fc4659b9","tag":"9b9e99a7-5efa-47c7-9f27-ea0792da38a9"},{"id":"dde51fd3-5974-4d0c-8267-459fec9e8b16","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"d7701786-8ab0-4780-87c5-0b5f80c1dad8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"28dd4989-f5be-4af1-b287-bfd3b8b910fe","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"c5e1ee3e-76e4-4a97-a687-b56b5bc46d5c","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"caa31e3b-3918-4886-9d94-4c034925dcc1","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"40064385-3a4d-4b01-a39d-72ccc5b923eb","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"d2c572f6-12ce-4b34-9bd4-90be6e5643ba","tag":"56d89c06-23a0-4642-adfc-1fffd3524191"},{"id":"0ad25478-86bc-4fb3-a6f6-546835f2bc64","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"15eb5700-8fd4-47c2-9608-9404e8f916ad","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a337f06b-a246-4331-87b5-9c7ba07593a2","tag":"992bdd33-4a47-495d-883a-58010a2f0efb"},{"id":"8708c4d7-778a-40fe-a43a-3eec7bd9cd9b","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"cf47b3ce-1392-4904-a4e6-f65aebebddc6","name":"Cobalt Strike Random C2 Profile Generator","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3080","tidal_id":"cca3df03-c521-5189-8bca-af0c08842012","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3f2c4d87-ada7-4987-b811-580ea815ce51","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"876be5cb-8e04-4ec3-8e7d-7211f7ffb355","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":"TidalCyberIan"},{"id":"d4e6f9f7-7f4d-47c2-be24-b267d9317303","name":"Cobian RAT","type":"malware","source":"MITRE","software_attack_id":"S0338","tidal_id":"207f0ef6-471b-54df-9a45-9d0d5df972ed","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"2635fc5b-84ff-40b1-94c6-d9478d3714fb","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"49d440e4-b2ea-4e7d-8ded-8589ddf679d9","name":"code","type":"tool","source":"Tidal Cyber","software_attack_id":"S3306","tidal_id":"6ff0b77f-01a7-531f-8483-054834162163","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ae8da2a7-2ce7-4aa5-8256-1962ec754428","name":"code.exe","description":"[[code.exe - LOLBAS Project](/references/4a93063b-f3a3-4726-870d-b8f744651363)]","source":"Tidal 
Cyber","associated_software_id":"74673d53-5fe4-4e98-ade5-b4a545d2373c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b6594130-12b3-4225-ac70-d7994208cf60","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2ea2a5bc-a46e-4566-9136-b67e349f8a29","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b0d9b31a-072b-4744-8d2f-3a63256a932f","name":"CoinTicker","type":"malware","source":"MITRE","software_attack_id":"S0369","tidal_id":"b442efa6-a40b-51c4-adcf-4cb6b1b00733","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9f006b88-2f13-4c99-ade0-839da70d1e11","name":"Colorcpl","type":"tool","source":"Tidal Cyber","software_attack_id":"S3204","tidal_id":"f4ebc151-31a9-56e3-9e58-2e35a3635db1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4719e863-dac0-409d-b6d3-52d7ce388044","name":"Colorcpl.exe","description":"[[Colorcpl.exe - LOLBAS Project](/references/53ff662d-a0b3-41bd-ab9e-a9bb8bbdea25)]","source":"Tidal 
Cyber","associated_software_id":"6044424d-3732-4cac-85a8-b4059f4e0af4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d2c966dd-3358-49af-b899-082a9bdf4ef3","tag":"884eb1b1-aede-4db0-8443-ba50624682e1"},{"id":"69431965-bd1a-4fac-95e1-19779a533f8b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f4714d85-7dcd-4fff-8ad6-861369001255","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"341fc709-4908-4e41-8df3-554dae6d72b0","name":"Comnie","type":"malware","source":"MITRE","software_attack_id":"S0244","tidal_id":"ce48084e-9b43-585a-a307-d563ce3a92ab","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"74117c5a-a102-4680-9c5f-c3bf5d7fac9a","name":"ComputerDefaults","type":"tool","source":"Tidal Cyber","software_attack_id":"S3476","tidal_id":"ec501670-9ee0-5cb1-9d98-e05158a34024","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d0b077ae-b6d6-4850-b095-33c324a0a38e","name":"ComputerDefaults.exe","description":"[[ComputerDefaults.exe - LOLBAS Project](/references/48a081b8-18ff-43b8-ba95-5856aacc6afa)]","source":"Tidal Cyber","associated_software_id":"59d51b7b-f4fb-441e-aab3-9de643f3aa1a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ea8ca0b2-24d5-4dc2-8af1-dfd62fa3745f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2f005fb3-0783-4288-8e29-7f0f18cfd280","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"300c5997-a486-4a61-8213-93a180c22849","name":"ComRAT","type":"malware","source":"MITRE","software_attack_id":"S0126","tidal_id":"f0e3ad68-e3f8-5ab4-8afb-2ecea64c2a54","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec 
Waterbug](https://app.tidalcyber.com/references/ec02f951-17b8-44cb-945a-e5c313555124)][[Unit 42 IronNetInjector February 2021 ](https://app.tidalcyber.com/references/f04c89f7-d951-4ebc-a5e4-2cc69476c43f)][[Secureworks IRON HUNTER Profile](https://app.tidalcyber.com/references/af5cb7da-61e0-49dc-8132-c019ce5ea6d3)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9b1ca867-e724-45d6-b07e-371a5df6743c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"0448178d-fff1-4174-8339-e6bfca78fb84","name":"Comsvcs","type":"tool","source":"Tidal Cyber","software_attack_id":"S3323","tidal_id":"d73f7df8-fb10-53b3-a9ac-7ae5e79602a4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1fa287c7-a4a3-4072-9dd0-ba7b634c0880","name":"Comsvcs.dll","description":"[[Comsvcs.dll - LOLBAS Project](/references/2eb2756d-5a49-4df3-9e2f-104c41c645cd)]","source":"Tidal Cyber","associated_software_id":"07f103cf-9a8a-4f68-a96b-877113e6c538","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. 
CISA Volt Typhoon February 7 2024](/references/c74f5ecf-8810-4670-b778-24171c078724)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[DFIR Report APT35 ProxyShell March 2022](/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)][[FireEye APT35 2018](/references/71d3db50-4a20-4d8e-a640-4670d642205c)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"62aea35b-bd8d-4709-9e1c-0ed08ef0f0ec","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"3a7cf4cf-f49f-48e2-82da-924f0de917fd","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a175c55b-bf8e-4412-a45a-ac2e6615579c","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"018b09f2-1d16-4efe-8321-8a571663b9a7","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"cdcc64dc-ee3e-42cf-90ce-5dcfb36b6e8d","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2c47772f-df0c-416f-b212-1e872976c317","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"98c3a651-25ba-4b72-b468-6158b81b47c5","tag":"334b0ee4-5a0d-4634-91c8-236593b818a0"},{"id":"70bc2cde-a64d-4e45-975f-6bba5f68ef50","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"64ac1af4-b4bf-43c8-9ee2-bec772132388","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ef33f1fa-18a3-4b30-b359-17b7930f43a7","name":"Conficker","type":"malware","source":"MITRE","software_attack_id":"S0608","tidal_id":"4212fb97-a58b-
57af-a428-42533da296c3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2d9c5a54-c465-46b8-b0f1-9c1e6eb3a4fb","name":"Kido","description":"[[SANS Conficker](https://app.tidalcyber.com/references/2dca2274-5f25-475a-b87d-97f3e3a525de)] ","source":"MITRE","associated_software_id":"a8d8ea16-3ec8-41bb-a27a-7f67511a78ee","owner_id":null,"owner_name":null},{"id":"b663e730-924d-4332-ae78-165cd782bb72","name":"Downadup","description":"[[SANS Conficker](https://app.tidalcyber.com/references/2dca2274-5f25-475a-b87d-97f3e3a525de)] ","source":"MITRE","associated_software_id":"2871c307-fede-464e-b25e-ad6051d25c63","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"a418d216-d70b-410c-9de8-41232d636ab2","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"}],"owner_name":null},{"id":"0e178275-4eb7-4fae-a703-d9730adf6a26","name":"ConfigSecurityPolicy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3205","tidal_id":"d6fab602-293b-5bb0-9107-11a86f8f04de","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"eb5bb379-c403-4f10-8d49-c3d7020d634e","name":"ConfigSecurityPolicy.exe","description":"[[ConfigSecurityPolicy.exe - LOLBAS Project](/references/30b8a5d8-596c-4ab3-b3db-b799cc8923e1)]","source":"Tidal Cyber","associated_software_id":"45ba655d-a1fc-4305-abed-38f72ef3a832","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"239ced3d-4715-442b-8437-20ee1d1201fb","tag":"d99039e1-e677-4226-8b63-e698d6642535"},{"id":"d614f271-8dc5-44d1-97ac-4bacec14ff92","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"cbf78fcb-f4e1-4c29-9ea4-8ed6755630c2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d3f8a214-3e65-4b7d-aed6-97a3e38ef8e0","name":"Conhost","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3206","tidal_id":"5319198c-602a-568d-9962-de2f33f10f6c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7829c614-b785-49cf-adf0-21017cd710e4","name":"Conhost.exe","description":"[[Conhost.exe - LOLBAS Project](/references/5ed807c1-15d1-48aa-b497-8cd74fe5b299)]","source":"Tidal Cyber","associated_software_id":"8a24ebd6-9351-4197-8728-6aa45e3dfce3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b2a632f9-b3ff-40eb-b84c-56849de7cb36","tag":"ea54037d-e07b-42b0-afe6-33576ec36f44"},{"id":"db11d2e8-fdc1-4122-834c-b63e4c340ac9","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d77515d1-89df-4f74-8dcc-87a06e645372","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6f9bb24d-cce2-49de-bedd-1849d9bde7a0","name":"ConnectWise","type":"tool","source":"MITRE","software_attack_id":"S0591","tidal_id":"5fe3efd0-fa82-5884-8651-e8328012e548","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"88e96478-a49a-4cf5-b88d-04221550794d","name":"ScreenConnect","description":"[[Anomali Static Kitten February 2021](https://app.tidalcyber.com/references/710ed789-de1f-4601-a8ba-32147827adcb)]","source":"MITRE","associated_software_id":"0280eeae-b087-48c3-937c-2edf419f6835","owner_id":null,"owner_name":null}],"groups":[{"description":"[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Truesec AB August 30 2024](/references/de2de0a9-17d2-41c2-838b-7850762b80ae)]","group_attack_id":"G3051","group_id":"7a28cff6-80df-49e1-8457-a0305e736897","name":"Cicada3301 Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group SafePay March 10 2025](/references/5d63bb19-02d7-47b2-a120-9601ba09d99e)]","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Anomali Static Kitten February 2021](https://app.tidalcyber.com/references/710ed789-de1f-4601-a8ba-32147827adcb)][[Trend Micro Muddy Water March 2021](https://app.tidalcyber.com/references/16b4b834-2f44-4bac-b810-f92080c41f09)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Security Blog 5 15 
2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Anomali Static Kitten February 2021](https://app.tidalcyber.com/references/710ed789-de1f-4601-a8ba-32147827adcb)][[Tetra Defense Sodinokibi March 2020](https://app.tidalcyber.com/references/a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50)]","group_attack_id":"G0115","group_id":"b4d068ac-9b68-4cd8-bf0c-019f910ef8e3","name":"GOLD SOUTHFIELD","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1dc055e3-5fcb-4e99-8adc-85fdf1d454f8","tag":"6b4ccbb1-d9a9-4ca3-9178-7d332c2c8a14"},{"id":"6c1ccaf2-a140-4595-845e-5362636fbab9","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"fefe28ea-c803-48a6-9f5e-21b1bc5b11d1","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"834954db-2b69-4d7b-8099-4d9480069299","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"ad190a3c-7612-4600-acd4-585a2f04bf1c","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"73cc6fa3-51c4-45fd-a8ea-5e20cc3f0960","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"2500b5cd-c173-47eb-b403-aafec5f2b43f","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"1ca0d6db-6f30-4f7c-bf5a-39796e71eaff","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e89e1ff8-3fbc-4664-9010-f4a79e673a02","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"39b47913-8165-4cbd-9bb4-820a9ef0dd99","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"d7eb1b45-1d41-4323-841f-7c11179323e1","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"56855aea-b438-4d85-ae87-0e0b569f4b1f","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f7b15caa-dd3a-452f-b835-1f481c00ae10","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f58caa4e-1c20-417f-a4dd-3024e103eba3","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"7df8df77-908b-4d8e-b4e0-70b6c38dc129","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"172b9bc7-78e0-476e-be8a-58b233c17f63","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"a2d6050a-4bad-44e4-aa9a-446565d90505","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":null},{"id":"8e995c29-2759-4aeb-9a0f-bb7cd97b06e5","name":"Conti","type":"malware","source":"MITRE","software_attack_id":"S0575
","tidal_id":"ae061f61-2923-56b0-8642-8b6bac1a970e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)][[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)][[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"7e336cba-fd58-42d8-84cc-6fe9a86354c4","tag":"a3d78265-f5b3-4254-8af5-c629dbb795d4"},{"id":"de981d1e-f5a0-4ec3-b2ac-23dfc5ad0ac8","tag":"64d3f7d8-30b7-4b03-bee2-a6029672216c"},{"id":"74ba26a5-0dd3-4d54-9c8f-6e5cbc11cb6e","tag":"375983b3-6e87-4281-99e2-1561519dd17b"},{"id":"4600e8ca-357d-4cbf-afad-f9de2e14a227","tag":"3ed2343c-a29c-42e2-8259-410381164c6a"},{"id":"a90111e6-39c9-420a-a736-ace02bea7f24","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"959e0ec4-5242-4a02-a099-f3aaeb142101","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"ad94da91-7416-4b2b-a64a-82f863771149","tag":"0ed7d10c-c65b-4174-9edb-446bf301d250"},{"id":"fd991f83-ecc9-4ad1-b180-6ce8c50fe289","tag":"3d90eed2-862d-4f61-8c8f-0b8da3e45af0"},{"id":"68510b55-c337-4973-a66b-c8955e311851","tag":"12a2e20a-7c27-46bb-954d-b372833a9925"},{"id":"b8f55bd1-583d-448f-8b7c-501b32bbe6a6","tag":"1b98f09a-7d93-4abb-8f3e-1eacdb9f9871"},{"id":"45bd659f-aa21-4e0f-bfae-50a63fa0bf06","tag":"c2380542-36f2-4922-9ed2-80ced06645c9"},{"id":"9bad9600-0d9f-4b8c-8ebe-c25dd47c31ba","tag":"dea4388a-b1f2-4f2a-9df9-108631d0d078"},{"id":"ce441caf-28da-42ef-a190-72a6b9afb7ae","tag":"24448a05-2337-4bc9-a889-a83f2fd1f3ad"},{"id":"fa4e8ee4-8d57-4eeb-a14b-399086a00463","tag":"2743d495-7728-4a75-9e5f-b64854039792"},{"id":"48c3f858-5349-4e64-a408-a9a54ad4eab8","tag":"d713747c-2d53-487e-9dac-259230f04460"},{"id":"d274ea25-49ea-413b-a74a-7f43094a97d6","tag":"fde4c246-7d2d-4d53-938b-44651cf273f1"},{"id":"0ec5221c-a44b-4b45-a5f6-97a685bb6832","tag":"964c2590-4b52-48c6-afff-9a6d72e68908"},{"id":"9b9a6cdb-c05b-4899-83a3-c900d8691a80","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"596c48e0-528d-4797-b8fe-10bd3d2b5121","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"efc46430-b27f-4b05-bc36-1d5eba685ec7","name":"Control","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3207","tidal_id":"44544de5-1315-5b1a-a851-6fefdd8cadea","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4b684811-8f00-4b38-8496-95146a80c07b","name":"Control.exe","description":"[[Control.exe - LOLBAS Project](/references/d0c821b9-7d37-4158-89fa-0dabe6e06800)]","source":"Tidal Cyber","associated_software_id":"94e2981f-681e-4bb8-bcef-98f8ed60f4ed","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6c47e8a7-1c37-4604-a605-84b59f7db189","tag":"53ac2b35-d302-4bdd-9931-5b6c6cb31b96"},{"id":"91d5280e-4e39-42f0-b0a5-7e8384b8ea74","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"7ee9133c-1e20-4e6f-bfe9-b9f8f539291d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6e2c4aef-2f69-4507-9ee3-55432d76341e","name":"CookieMiner","type":"malware","source":"MITRE","software_attack_id":"S0492","tidal_id":"b2228db5-4c34-5e27-9dfc-df308b4045c3","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f13c8455-d615-4f8d-9d9c-5b31e593cd8a","name":"CORALDECK","type":"malware","source":"MITRE","software_attack_id":"S0212","tidal_id":"a870f488-40ac-5fb9-a212-d6a2f082690d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c928448b-1b41-4920-b3a1-36f1175ffc3d","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"b7dacd5c-eaba-48db-bdd7-e779a82b2ba7","name":"coregen","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3330","tidal_id":"073cfe5f-2423-58ba-ba84-266a5ba9231d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9cb45e94-99bf-46a7-94c5-29d6e5658074","name":"coregen.exe","description":"[[coregen.exe - LOLBAS Project](/references/f24d4cf5-9ca9-46bd-bd43-86b37e2a638a)]","source":"Tidal Cyber","associated_software_id":"462f4c43-12e3-4901-b741-72e8c6e6e98a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d133a888-04d2-4e34-a055-3ca8c72e33db","tag":"a19a158e-aec4-410a-8c3e-e9080b111183"},{"id":"44cf958f-3ec5-45c7-9c6e-18d0b32f2432","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b087935e-8fe4-441a-8819-7322ee646b2c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"caa50504-2669-4725-87bb-8c56f1944933","name":"Core Impact","type":"tool","source":"Tidal Cyber","software_attack_id":"S3460","tidal_id":"7b7667b5-e7d7-5a15-83a5-25c3e53daee1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"b7e7e4a1-ccee-4c6f-8401-3955afd0bcb2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"ac452f04-a776-4a95-a7d5-b422136af42b","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"7fd588ae-0843-4107-b2a2-01955bfc0487","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c72d2b45-6ada-4615-9705-2656168db7f4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3b193f62-2b49-4eff-bdf4-501fb8a28274","name":"CORESHELL","type":"malware","source":"MITRE","software_attack_id":"S0137","tidal_id":"90aa94e3-0e5d-5324-b4d9-04f770fddc5e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c75a41d8-df0f-4607-8b07-76747810a7d9","name":"SOURFACE","description":"[[FireEye APT28](https://app.tidalcyber.com/references/c423b2b2-25a3-4a8d-b89a-83ab07c0cd20)] [[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)][[Securelist Sofacy Feb 2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)]","source":"MITRE","associated_software_id":"36d5d0ca-1bfc-45b1-ac54-2da2e1b2a5c7","owner_id":null,"owner_name":null},{"id":"e66db2f3-651c-44d4-91ad-fb4b6065ecbf","name":"Sofacy","description":"This designation has been used in reporting both to refer to the threat group ([APT28](https://app.tidalcyber.com/groups/5b1a5b9e-4722-41fc-a15d-196a549e3ac5)) and its associated malware.[[FireEye APT28](https://app.tidalcyber.com/references/c423b2b2-25a3-4a8d-b89a-83ab07c0cd20)] [[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)][[Securelist Sofacy Feb 2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)]","source":"MITRE","associated_software_id":"8af3037f-732c-433e-8689-701593604bae","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye 
APT28](https://app.tidalcyber.com/references/c423b2b2-25a3-4a8d-b89a-83ab07c0cd20)][[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2ed6edb1-3c5a-4a2f-b1b2-665c369c94bd","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"e4e37a06-ee31-44bf-a818-efa236ada136","name":"Corona (Mirai Botnet Variant)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3167","tidal_id":"03a76d1c-e302-59b9-b0a9-313ccd653b23","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"a4946afd-07b4-4993-abf4-60a85497f8a7","tag":"55cb344a-cbd5-4fd1-a1e9-30bbc956527e"},{"id":"e7440b65-df80-41e0-aadc-c4722225d4d1","tag":"f925e659-1120-4b76-92b6-071a7fb757d6"},{"id":"ff0dfec6-acc7-4f79-be04-e00e5066929a","tag":"06236145-e9d6-461c-b7e4-284b3de5f561"},{"id":"22f37b91-2e26-406d-b8b3-1d03f7d08648","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"fd087d7a-08b0-4a02-9836-c84202c6cb4b","tag":"33d35d5e-f0cf-4c66-9be3-a3ffe6610b1a"},{"id":"d5eea712-dbbb-45ad-849d-3d5c849b7c51","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":"TidalCyberIan"},{"id":"43b317c6-5b4f-47b8-b7b4-15cd6f455091","name":"CosmicDuke","type":"malware","source":"MITRE","software_attack_id":"S0050","tidal_id":"99545c1f-977f-57f0-9a1d-de54935604de","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3f0427ff-2b73-4275-b612-ba4f2d2d77c7","name":"TinyBaron","description":"","source":"MITRE","associated_software_id":"b46da8df-d944-4bf0-b715-dad7dbc6d658","owner_id":null,"owner_name":null},{"id":"8df5fe1b-184a-4a87-9244-244eb3c5f92a","name":"BotgenStudios","description":"","source":"MITRE","associated_software_id":"f5f9ef72-8f34-47d
6-a767-86b3b07ce00e","owner_id":null,"owner_name":null},{"id":"9fafca05-8cff-41ae-beba-dd50db7d9c15","name":"NemesisGemina","description":"","source":"MITRE","associated_software_id":"d7724aad-70a0-40a8-ad43-a92bedb8f8fd","owner_id":null,"owner_name":null}],"groups":[{"description":"[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)][[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b0190895-1cff-4589-aa0b-a9d8261c8869","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"ea9e2d19-89fe-4039-a1e0-467b14554c6f","name":"CostaBricks","type":"malware","source":"MITRE","software_attack_id":"S0614","tidal_id":"6cf559c2-4900-58b7-b4b7-fdb6e1cae292","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c9cea5ac-b426-5484-a228-6eeffa173611","name":"Covenant","type":"tool","source":"MITRE","software_attack_id":"S1155","tidal_id":"c9cea5ac-b426-5484-a228-6eeffa173611","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[HAFNIUM](https://app.tidalcyber.com/groups/1bcc9382-ccfe-4b04-91f3-ef1250df5e5b) used [Covenant](https://app.tidalcyber.com/software/c9cea5ac-b426-5484-a228-6eeffa173611) for command and control following compromise of internet-facing servers.[[Microsoft HAFNIUM March 2020](https://app.tidalcyber.com/references/6a986c46-79a3-49c6-94d2-d9b1f5db08f3)][[Microsoft Silk Typhoon MAR 
2025](https://app.tidalcyber.com/references/08dd388f-5c10-57bc-8263-7214fe667b4a)]","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f1096809-b870-47aa-b50c-32413b0783ea","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"9fddc90d-8518-4461-af27-3bcf6e4da3ae","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"c2353daa-fd4c-44e1-8013-55400439965a","name":"CozyCar","type":"malware","source":"MITRE","software_attack_id":"S0046","tidal_id":"946f059b-2227-5949-ac9f-0f60b01ac23a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e1880d53-16e2-4055-9da9-61fc13118bef","name":"CozyDuke","description":"","source":"MITRE","associated_software_id":"58e77779-2cc6-4570-95a7-fb59b089ab28","owner_id":null,"owner_name":null},{"id":"d3c41287-ead9-42bd-9657-0280e926633f","name":"CozyBear","description":"","source":"MITRE","associated_software_id":"49b8f0f4-77aa-4c7e-925d-054102c7178b","owner_id":null,"owner_name":null},{"id":"5694df56-a690-4ff9-9b19-467a190d26a9","name":"Cozer","description":"","source":"MITRE","associated_software_id":"60187172-ade3-4d87-8d51-3b064838867d","owner_id":null,"owner_name":null},{"id":"d541afa1-c54a-4dc9-939b-aacc5251fc44","name":"EuroAPT","description":"","source":"MITRE","associated_software_id":"8b01f729-fa16-4bd7-b5d3-2d84a1ecb32b","owner_id":null,"owner_name":null}],"groups":[{"description":"[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)][[Secureworks IRON HEMLOCK 
Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8808a768-af43-4049-b6de-dae9195ffd3d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"47e710b4-1397-47cf-a979-20891192f313","name":"CrackMapExec","type":"tool","source":"MITRE","software_attack_id":"S0488","tidal_id":"a9ae1a7f-74da-5530-b3d7-205d0f4da6aa","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. HHS Royal & BlackCat Alert](/references/d1d6b6fe-ef93-4417-844b-7cd8dc76934b)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"\n[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Rakesh Krishnan Devman May 23 2025](/references/4d14f459-c939-4120-b2e2-2a8a36b01e76)]","group_attack_id":"G3110","group_id":"b7b61ba1-7b0c-4568-a5ee-8b6634ed5b60","name":"Devman Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Secureworks IRON LIBERTY July 2019](https://app.tidalcyber.com/references/c666200d-5392-43f2-9ad0-1268d7b2e86f)][[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)]","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro POWERSTATS V3 June 
2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)][[Symantec MuddyWater Dec 2018](https://app.tidalcyber.com/references/a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)][[BitDefender Chafer May 2020](https://app.tidalcyber.com/references/24ea6a5d-2593-4639-8616-72988bf2fa07)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) used [CrackMapExec](https://app.tidalcyber.com/software/47e710b4-1397-47cf-a979-20891192f313) during intrusions.[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"c1e2dfcb-f631-4d78-b286-2539f3275eb7","tag":"f683d62f-15d4-43c0-a8a3-7d6310e552f3"},{"id":"23033451-d3db-4d4e-a43e-ebd3a41d0714","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"f5f796df-515b-4110-876f-35f5e6ba9e43","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"233da2cd-17d5-4c0d-b647-1ef95e8fe7ce","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"69ae59ea-e115-4fbd-840e-2aa5a842ad20","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"40803fed-ffb9-4618-bc50-4a0710c9bd8a","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"c3c0fc46-02ef-44a0-8f7c-3a38f85b9855","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"020176ee-9d17-4e75-a113-f12e7468ccd2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"536ac912-2334-4852-ac18-b8bec67eff64","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1ca927bf-7820-433d-a927-f44e1b48e31c","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"a574b315-523c-45c3-8743-feb3d541e81a","name":"Createdump","type":"tool","source":"Tidal Cyber","software_attack_id":"S3331","tidal_id":"0c0ff1f9-b950-524f-bbb0-72ebd9f04945","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"47df2f27-f2a2-4857-8f0c-e75179b93b8c","name":"Createdump.exe","description":"[[Createdump.exe - LOLBAS Project](/references/f3ccacc1-3b42-4042-9a5c-f5b483a5e801)]","source":"Tidal Cyber","associated_software_id":"8a49e7dc-04ce-44d3-919d-91700e11e1c9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a3b4fbe2-199f-405a-bd9e-7a4b35e89433","tag":"7beee233-2b65-4593-88e6-a5c0c02c6a08"},{"id":"080b5f1f-2633-42a8-bde4-b83b2190f42a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"60152ee0-503c-4644-8ed6-09435a9f141e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"516ffd19-72b9-43a1-b866-bb075fdcb137","name":"CredoMap","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3099","tidal_id":"17a7117e-9908-511e-b01c-0ffdd6794dab","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CERTFR-2023-CTI-009](/references/5365ac4c-fbb8-4389-989e-a64cb7693371)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"27a28353-92f8-4b2e-a4ab-dbc2d10e296a","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"541be567-7ecf-41c8-b5fe-7a7d48218de6","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"7f7f05c3-fbb1-475e-b672-2113709065c8","name":"CreepyDrive","type":"malware","source":"MITRE","software_attack_id":"S1023","tidal_id":"11f50586-b992-50ec-97ee-c58089be753d","platforms":[{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 365"},{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft POLONIUM June 
2022](https://app.tidalcyber.com/references/689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd)]","group_attack_id":"G1005","group_id":"7fbd7514-76e9-4696-8c66-9f95546e3315","name":"POLONIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5fb2238b-1213-4ae0-908e-726dbc29a852","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"991ada6d-9f84-43e4-8ac2-a2ebfd5e3a60","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"3c704bd1-a80b-4bf8-b828-49decbe7a66f","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"93ebf10d-4034-4059-9b33-7c0151ec423d","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"11ce380c-481b-4c9b-b44e-06f1a91c01c1","name":"CreepySnail","type":"malware","source":"MITRE","software_attack_id":"S1024","tidal_id":"8dfc2b62-6fb3-5cc2-9c76-04be18969e9d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft POLONIUM June 2022](https://app.tidalcyber.com/references/689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd)]","group_attack_id":"G1005","group_id":"7fbd7514-76e9-4696-8c66-9f95546e3315","name":"POLONIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3b3f296f-20a6-459a-98c5-62ebdee3701f","name":"Crimson","type":"malware","source":"MITRE","software_attack_id":"S0115","tidal_id":"90c01c50-44da-521c-b4f7-330ebea5116f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b5691880-3483-4eb2-8075-a6232299f4bd","name":"MSIL/Crimson","description":"[[Proofpoint Operation Transparent Tribe March 2016](https://app.tidalcyber.com/references/8e39d0da-114f-4ae6-8130-ca1380077d6a)]","source":"MITRE","associated_software_id":"349d3f77-068f-4300-98b9-05245f5f3a7a","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Proofpoint Operation Transparent Tribe March 2016](https://app.tidalcyber.com/references/8e39d0da-114f-4ae6-8130-ca1380077d6a)][[Cisco Talos 
Transparent Tribe Education Campaign July 2022](https://app.tidalcyber.com/references/acb10fb6-608f-44d3-9faf-7e577b0e2786)]","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8173a00b-4fa2-4af5-b9af-ed60f8876a05","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"38811c3b-f548-43fa-ab26-c7243b84a055","name":"CrossRAT","type":"malware","source":"MITRE","software_attack_id":"S0235","tidal_id":"01811dd1-62b0-5d50-8256-536d74c1dd14","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Lookout Dark Caracal Jan 2018](https://app.tidalcyber.com/references/c558f5db-a426-4041-b883-995ec56e7155)]","group_attack_id":"G0070","group_id":"7ad94dbf-9909-42dd-8b62-a435481bdb14","name":"Dark Caracal","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e1ad229b-d750-4148-a1f3-36e767b03cd1","name":"Crutch","type":"malware","source":"MITRE","software_attack_id":"S0538","tidal_id":"8acb9d3b-58ad-59c4-98f2-f3c7f9348f51","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Crutch December 2020](https://app.tidalcyber.com/references/8b2f40f5-7dca-4edf-8314-a8f5bc4831b8)][[Talos TinyTurla September 2021](https://app.tidalcyber.com/references/94cdbd73-a31a-4ec3-aa36-de3ea077c1c7)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1b6fa662-556e-49ae-a420-41f7bfd36eb8","name":"CryptBot","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3430","tidal_id":"2bee3ce5-f40d-5ad4-9c36-4c68532810ba","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Google Cybercrime Report February 11 2025](/references/17685d5c-4255-445e-a546-e0dfb92378c2)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"91dd986f-7d37-4fb3-aad5-a54b09de3a19","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"2c510b11-10b7-4839-addb-7f122be2d751","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6c0b1e51-8f21-44d5-b059-89bd6cb8e5ba","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"12ce6d04-ebe5-440e-b342-0283b7c8a0c8","name":"Cryptoistic","type":"malware","source":"MITRE","software_attack_id":"S0498","tidal_id":"64252c4e-07b5-5bcd-b32a-af4d2adfa4b2","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"[[SentinelOne Lazarus macOS July 2020](https://app.tidalcyber.com/references/489c52a2-34cc-47ff-b42b-9d48f83b9e90)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"939eeb6b-3f74-43b6-8ead-644457ee7d78","name":"Csc","type":"tool","source":"Tidal Cyber","software_attack_id":"S3208","tidal_id":"1b02f633-340d-5f51-80c2-281e04cbb232","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2f3dd328-c1cb-4711-92a8-c1762925f427","name":"Csc.exe","description":"[[Csc.exe - LOLBAS Project](/references/276c9e55-4673-426d-8f49-06edee2e3b30)]","source":"Tidal 
Cyber","associated_software_id":"909a545e-eec1-4c0d-a57e-a183bf036bb6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[ClearSky MuddyWater Nov 2018](/references/a5f60f45-5df5-407d-9f68-bc5f7c42ee85)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8a3a1c6a-9e04-49f5-b7bb-be95640787d4","tag":"2ee25dd6-256c-4659-b1b6-f5afc943ccc1"},{"id":"d45c8512-8f53-4b84-9946-376af242acc5","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"666165f1-50d2-43ae-9043-ba7547a29615","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"83036c61-d8cf-42f8-a9e5-dc3d26d75cdc","name":"Cscript","type":"tool","source":"Tidal Cyber","software_attack_id":"S3209","tidal_id":"270bd9fd-cec4-543b-b8b8-21a12a38dd38","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"85524fce-888e-4754-ad46-8635c24c0d12","name":"Cscript.exe","description":"[[Cscript.exe - LOLBAS Project](/references/428b6223-63b7-497f-b13a-e472b4583a9f)]","source":"Tidal Cyber","associated_software_id":"589c7b11-190b-4cd3-b8c4-cf623697d207","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"fdfbb17c-3242-445f-a045-8a80dd1620d7","tag":"7cae5f59-dbbf-406f-928d-118430d2bdd0"},{"id":"afdc105a-e05c-4557-8c94-939460e67905","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"852e2341-6496-4072-b1b6-62ae768f6fff","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a11e4ebf-59e4-4b79-8a20-be1618dfbaed","name":"csi","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3332","tidal_id":"1f116d59-e034-5aad-b893-15419e6d0d79","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"adf2b27f-3e99-42a9-8d00-45d15feb8b05","name":"csi.exe","description":"[[csi.exe - LOLBAS Project](/references/b810ee91-de4e-4c7b-8fa8-24dca95133e5)]","source":"Tidal Cyber","associated_software_id":"bebeee27-af58-4daa-ae34-c432ba0aaf0d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dfd17d38-b62a-48f2-9d51-890c6a552797","tag":"86bb7f3c-652c-4f77-af2a-34677ff42315"},{"id":"c81c4070-c02d-48f1-809a-a7c058a08b3f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"40843646-32bf-4d3b-a5f5-d49c57f38cde","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"eb481db6-d7ba-4873-a171-76a228c9eb97","name":"CSPY Downloader","type":"tool","source":"MITRE","software_attack_id":"S0527","tidal_id":"817600cc-b673-5d0d-b58d-a27cde18a06a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason Kimsuky November 2020](https://app.tidalcyber.com/references/ecc2f5ad-b2a8-470b-b919-cb184d12d00f)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"095064c6-144e-4935-b878-f82151bc08e4","name":"Cuba","type":"malware","source":"MITRE","software_attack_id":"S0625","tidal_id":"984cc794-41d0-58ea-87db-05b5fb4fa769","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Cuba Ransomware October 2022](/references/d6ed5172-a319-45b0-b1cb-d270a2a48fa3)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"47ecac2d-4684-4fdd-98cd-d89fef5a523d","tag":"64d3f7d8-30b7-4b03-bee2-a6029672216c"},{"id":"40547678-c2fc-4b93-9160-66a821962f50","tag":"375983b3-6e87-4281-99e2-1561519dd17b"},{"id":"a6e477d3-db52-4c5b-bb0a-6afc97665060","tag":"3ed2343c-a29c-42e2-8259-410381164c6a"},{"id":"b1b775a0-d865-4b4f-8dfd-97f0a48c1dc4","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"0b941d17-8345-4884-ad03-9ac36b0a48e4","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"0c209374-0448-4e85-901e-b32237cadc12","tag":"4bc9ab8f-7f57-4b1a-8857-ffaa7e5cc930"},{"id":"0afa4846-8a17-4e88-9dfa-c0efc50c770d","tag":"17864218-bc4f-4564-8abf-97c988eea9f7"},{"id":"2c4d3ffb-a998-4a48-835d-de7a0f8142d3","tag":"b6458e46-650e-4e96-8e68-8a9d70bcf045"},{"id":"5ddaacdd-11ca-4226-93ea-9492b0600590","tag":"bac51672-8240-4182-9087-23626023e509"},{"id":"ab593e03-0187-4755-97d5-cab3574334d3","tag":"c5c8f954-1bc0-45d5-9a4f-4385d0a720a1"},{"id":"3ce778f3-fb64-4e52-b71a-c23531a2c71f","tag":"2743d495-7728-4a75-9e5f-b64854039792"},{"id":"2fc70292-8279-4354-9959-03e4e97b5f3f","tag":"d713747c-2d53-487e-9dac-259230f04460"},{"id":"9dfe1ec4-b4f3-4454-a534-c5e8c0f7e399","tag":"fde4c246-7d2d-4d53-938b-44651cf273f1"},{"id":"63a2da47-bac9-4680-a176-2df9a2f918c4","tag":"964c2590-4b52-48c6-afff-9a6d72e68908"},{"id":"488138e8-cc4e-4ad3-afa0-ff4ec5655aab","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"c774fe27-033d-4330-bf48-4729a572bd7d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null}
,{"id":"6e8c24c1-1cbd-5698-9a91-c3e0d937adf4","name":"Cuckoo Stealer","type":"malware","source":"MITRE","software_attack_id":"S1153","tidal_id":"6e8c24c1-1cbd-5698-9a91-c3e0d937adf4","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"911e9591-b488-4b48-b468-9fb32c9999d3","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"fe225b25-1c82-4be2-93f7-08989cf1f201","name":"curl","type":"tool","source":"Trellix TIG","software_attack_id":"S3465","tidal_id":"aa60820e-e69f-52c8-a12d-5290d7faf455","platforms":[],"associated_software":[{"id":"0c0a2fda-d09d-4a7c-ba8a-c4ff9777c533","name":"curl.exe","description":"","source":"Trellix TIG","associated_software_id":"c61ab276-ecfe-4ab4-a221-6ecc1e8b9e98","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"1e29a1b4-50d4-4699-b90a-e5100f652c66","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"7cd296ab-b749-41ea-ab52-10bb03cce12e","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"0fe16787-d354-403e-8579-8ce422d6ab54","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"3ff0d4fc-6678-42f0-869b-f48906d98f82","name":"CustomShellHost","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3210","tidal_id":"e6583517-d05f-5c2d-9e8a-a1730c366aa3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a45110a8-8c68-4aeb-87b9-668376785df5","name":"CustomShellHost.exe","description":"[[CustomShellHost.exe - LOLBAS Project](/references/96324ab1-7eb8-42dc-b19a-fa1d9f85e239)]","source":"Tidal Cyber","associated_software_id":"642284c2-5216-47f6-994b-98ff2fa839b9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"2f1f703a-8d9e-4de8-8cbc-b29ca28d2588","tag":"536c3d51-9fc4-445e-9723-e11b69f0d6d5"},{"id":"01fbd02d-3f81-4fa7-8888-66fcc4995594","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ceded1a7-9f04-4c69-a6c1-b6c6aed89ed6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ac9e314c-1e14-4b56-92a2-0ba96c986f13","name":"CyberVolk Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3466","tidal_id":"fba287cf-dab6-5772-bb3b-7205a8a3bbff","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"aa9bc396-beb2-4ec5-974f-6038d9ea7aa1","name":"Invisible Ransom","description":"[[SentinelOne November 25 2024](/references/71c8e60c-a72a-4bff-aae3-f3f155fa22ee)]","source":"Tidal Cyber","associated_software_id":"4c648717-9db6-4287-a51c-4f72cd98ffb4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[SentinelOne November 25 2024](/references/71c8e60c-a72a-4bff-aae3-f3f155fa22ee)]","group_attack_id":"G3096","group_id":"82fc3514-e812-47f8-8e76-8bc5a8e3121c","name":"CyberVolk","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"68bdb0a1-9bc5-414e-9790-6f762dea2f92","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"78d96df0-6a9d-4b8a-bdee-9e59be525c3e","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"2a77451b-e7df-4ea0-b8a4-fa06dea42f29","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"76ed2e2c-f4d0-4933-ac34-81ad2791dca9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"68792756-7dbf-41fd-8d48-ac3cc2b52712","name":"Cyclops Blink","type":"malware","source":"MITRE","software_attack_id":"S0687","tidal_id":"95175b84-6dcb-55ff-a7ca-afa0273d6485","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"[[NCSC CISA Cyclops Blink Advisory February 2022](https://app.tidalcyber.com/references/bee6cf85-5cb9-4000-b82e-9e15aebfbece)][[Trend Micro Cyclops Blink March 2022](https://app.tidalcyber.com/references/64e9a24f-f386-4774-9874-063e0ebfb8e1)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f7a7447a-99ba-42f2-a606-1c80f0c477fa","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"fdee9ac1-0344-490f-91f0-07d101fb3932","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"9d521c18-09f0-47be-bfe5-e1bf26f7b928","name":"Dacls","type":"malware","source":"MITRE","software_attack_id":"S0497","tidal_id":"0cbe30dc-49e3-563f-9faa-4619248831e2","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SentinelOne Lazarus macOS July 2020](https://app.tidalcyber.com/references/489c52a2-34cc-47ff-b42b-9d48f83b9e90)][[TrendMicro macOS Dacls May 
2020](https://app.tidalcyber.com/references/0ef8691d-48ae-4057-82ef-eb086c05e2b9)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d4f5132b-9de8-4227-8c13-3c20428f3859","name":"DAMASCENED PEACOCK","type":"malware","source":"Tidal Cyber","software_attack_id":"S3470","tidal_id":"4f11fb0a-e2b8-51c3-8f71-ea8b3f6fa556","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[UK MOD DAMASCENED PEACOCK April 11 2025](/references/92351a33-f2bc-4c49-9ba7-dc9468795168)]","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6b338ce7-a07f-4bfd-b025-235b7c93109e","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"cfc6af16-3676-4e96-82c8-f8d045c3fd71","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"a123add2-461f-45cf-b8e5-f0188b836e21","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"df0d1376-4bab-408f-b4ca-e27efacb04ee","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8cef8031-96c4-4c3d-b703-6fc3fa21813c","name":"DanaBot","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3423","tidal_id":"95f5f1c0-013b-59ae-8a0c-b0455376e685","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"be7d957f-96fd-4555-ab9a-1ff213c8b1f7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"b52998d5-d345-414b-8c14-35239835cdbf","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c6dbbe5b-82e7-4e54-8676-0f4e96d96055","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"131c0eb2-9191-4ccd-a2d6-5f36046a8f2f","name":"DanBot","type":"malware","source":"MITRE","software_attack_id":"S1014","tidal_id":"a7e551e3-e9bd-5b9c-b4f4-095ffca6e730","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SecureWorks August 2019](https://app.tidalcyber.com/references/573edbb6-687b-4bc2-bc4a-764a548633b5)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"032269a3-5c64-4bfe-9340-3a690a9f689b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"74f88899-56d0-4de8-97de-539b3590ab90","name":"DarkComet","type":"malware","source":"MITRE","software_attack_id":"S0334","tidal_id":"e6ded319-192a-53ed-820f-e5d63938ee89","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bdc84346-035e-4ca7-8180-777849982524","name":"Krademok","description":"[[TrendMicro DarkComet Sept 2014](https://app.tidalcyber.com/references/fb365600-4961-43ed-8292-1c07cbc530ef)]","source":"MITRE","associated_software_id":"cc96486b-d19d-4819-8265-9203a28ba6c9","owner_id":null,"owner_name":null},{"id":"fdd52ea2-a313-490e-9492-a4acd2017344","name":"DarkKomet","description":"[[TrendMicro DarkComet Sept 
2014](https://app.tidalcyber.com/references/fb365600-4961-43ed-8292-1c07cbc530ef)]","source":"MITRE","associated_software_id":"afb90bbd-2299-4f3a-a9a8-792f4401e08f","owner_id":null,"owner_name":null},{"id":"bb346f9a-7140-46c4-b6d7-cd3ba3c96c16","name":"Fynloski","description":"[[TrendMicro DarkComet Sept 2014](https://app.tidalcyber.com/references/fb365600-4961-43ed-8292-1c07cbc530ef)]","source":"MITRE","associated_software_id":"f319bc98-ef43-47ef-8572-601f0be6fb68","owner_id":null,"owner_name":null},{"id":"b4d8fb4a-4130-4eec-aabc-6949f48ca918","name":"FYNLOS","description":"[[TrendMicro DarkComet Sept 2014](https://app.tidalcyber.com/references/fb365600-4961-43ed-8292-1c07cbc530ef)]","source":"MITRE","associated_software_id":"abbedb20-272b-4278-ab46-8e46e7cd70ed","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye APT38 Oct 2018](https://app.tidalcyber.com/references/7c916329-af56-4723-820c-ef932a6e3409)]","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit42 SilverTerrier 2018](https://app.tidalcyber.com/references/59630d6e-d034-4788-b418-a72bafefe54e)]","group_attack_id":"G0083","group_id":"e47ae2a7-d34d-4528-ba67-c9c07daa91ba","name":"SilverTerrier","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit 42 ProjectM March 2016](https://app.tidalcyber.com/references/adee82e6-a74a-4a91-ab5a-97847b135ca3)]","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Elfin Mar 2019](/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8a1be74f-387d-497b-b69d-90eb289f9c90","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"39d81c48-8f7c-54cb-8fac-485598e31a55","name":"DarkGate","type":"malware","source":"MITRE","software_attack_id":"S1111","tidal_id":"112f4e5b-9b5d-5d9e-8424-5cdf5fc03d23","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Malwarebytes Pikabot December 15 2023](/references/50b29ef4-7ade-4672-99b6-fdf367170a5b)]","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"f2dc93cf-6e1b-4a1e-a134-4076de21b00d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d43ed66c-13f0-4e6f-9074-33e403fee58f","tag":"7b774e30-5065-41bd-85e2-e02d09e419ed"},{"id":"4cec07ef-7236-44c3-9495-9a01d805de0c","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"35abcb6b-3259-57c1-94fc-50cfd5bde786","name":"DarkTortilla","type":"malware","source":"MITRE","software_attack_id":"S1066","tidal_id":"f227400c-4f86-5ac9-8228-35f11f1ab900","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"740a0327-4caf-4d90-8b51-f3f9a4d59b37","name":"DarkWatchman","type":"malware","source":"MITRE","software_attack_id":"S0673","tidal_id":"a3e0aaf2-5eb6-5bc6-acd7-d5c5cf973b06","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f8de0aec-06f7-40a1-909d-590d3ca55b8d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"fad65026-57c4-4
d4f-8803-87178dd4b887","name":"Daserf","type":"malware","source":"MITRE","software_attack_id":"S0187","tidal_id":"847aa92b-2128-5d2a-bb59-f103fc8d687b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b4266b69-f6d1-4b1a-b8d1-13fa716d7820","name":"Muirim","description":"[[Trend Micro Daserf Nov 2017](https://app.tidalcyber.com/references/4ca0e6a9-8c20-49a0-957a-7108083a8a29)]","source":"MITRE","associated_software_id":"82694e7e-140d-4ee6-93a0-03af069029cf","owner_id":null,"owner_name":null},{"id":"c3e307a0-015c-425b-86e8-1e10e473dde3","name":"Nioupale","description":"[[Trend Micro Daserf Nov 2017](https://app.tidalcyber.com/references/4ca0e6a9-8c20-49a0-957a-7108083a8a29)]","source":"MITRE","associated_software_id":"dae98258-e7d1-4e13-9c88-13d5fe07bf89","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Trend Micro Daserf Nov 2017](https://app.tidalcyber.com/references/4ca0e6a9-8c20-49a0-957a-7108083a8a29)][[Symantec Tick Apr 2016](https://app.tidalcyber.com/references/3e29cacc-2c05-4f35-8dd1-948f8aee6713)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"dd555a4c-3b04-48c1-988f-d530d699a5bf","name":"DataSvcUtil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3211","tidal_id":"810db6ef-0211-59f8-aa3c-6c8e56238a7f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"19ffd64e-a0bb-4dc2-be9d-f592cc81b9b8","name":"DataSvcUtil.exe","description":"[[DataSvcUtil.exe - LOLBAS Project](/references/0c373780-3202-4036-8c83-f3d468155b35)]","source":"Tidal 
Cyber","associated_software_id":"c64f5d2e-d645-4dd8-bc8f-9e515f8f80c3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"68db5b8e-aacb-4bc7-a1a2-4c67d76a2e07","tag":"0576be43-65c6-4d1a-8a06-ed8232ca0120"},{"id":"8d6c7fc6-3379-4338-838f-df58bd166c35","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1ba58351-4b41-46a1-b9ab-cf351e8d0648","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"789791b7-1ea1-4b18-8253-4663bb7ec143","name":"DBatLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3002","tidal_id":"0f34c39d-be47-517f-9bf8-f1f39791b381","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"28e11e8a-aef7-4a75-9197-fe8184fdd568","name":"ModiLoader","description":"[[DBatLoader Actively Distributing Malwares Targeting European Businesses](/references/42ee2e91-4dac-41ce-b2ec-fde21c258a28)]","source":"Tidal Cyber","associated_software_id":"6eef0dd4-d721-4f6e-9cc0-d7e4967eb401","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"6821d482-52f3-4be2-8e7a-ac37c891dce1","name":"MoDi RAT","description":"[[Sophos News September 24 2020](/references/8cfa3dc4-a6b4-4204-b1e5-5b325955936d)]","source":"Tidal Cyber","associated_software_id":"c49680e0-f233-431b-b25c-039051407ad5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"9f24048d-85df-4df7-adb8-b51b8393ef66","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"67d8e250-2f42-4212-916d-90891093472e","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"8d078b8d-5cd1-4479-9b33-5d252962b952","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8bebf2ec-e224-4062-8ddb-44d353d45166","name":"DCRat","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3428","tidal_id":"9b3395e4-21b8-54c7-8730-83946d074aef","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ac5a98bb-3ac4-4445-af85-d3ebbd6b7db4","name":"DarkCrystal RAT","description":"","source":"Tidal Cyber","associated_software_id":"be82055c-0017-40d3-96b6-2bc428bfd52c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f3a57d11-cc6c-495a-8855-8532c0486cc9","name":"Dark Crystal RAT","description":"[[Splunk October 18 2022](/references/78bccfce-ac5c-4413-9f6b-3be2762d7882)]","source":"Tidal Cyber","associated_software_id":"31a1b916-17f7-4e59-8cea-3edd106bdd2a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Google Cybercrime Report February 11 2025](/references/17685d5c-4255-445e-a546-e0dfb92378c2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"24cf9592-efe3-4867-8b72-850433bb5364","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"1ebea3d2-86cc-4132-ad51-ae25e9143e47","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c2438700-1b2b-449d-9e78-5642e92c0371","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"26ae3cd1-6710-4807-b674-957bd67d3e76","name":"DCSrv","type":"malware","source":"MITRE","software_attack_id":"S1033","tidal_id":"b49e8c79-5651-5323-b014-b693f457a297","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Checkpoint MosesStaff Nov 2021](https://app.tidalcyber.com/references/d6da2849-cff0-408a-9f09-81a33fc88a56)]","group_attack_id":"G1009","group_id":"a41725c5-eb3a-4772-8d1e-17c3bbade79c","name":"Moses 
Staff","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"41ac9076-16ce-4d49-bdfb-333a77e40b85","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"83560740-0417-46d0-a3a4-e9e9b99762d1","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"0657b804-a889-400a-97d7-a4989809a623","name":"DDKONG","type":"malware","source":"MITRE","software_attack_id":"S0255","tidal_id":"cc123278-95ae-589d-8a78-e2992e31dad0","platforms":[],"associated_software":[],"groups":[{"description":"[[Rancor Unit42 June 2018](https://app.tidalcyber.com/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d191f182-60cb-4cdf-943b-dd6e5dd7afce","name":"DDOSIA","type":"malware","source":"Trellix TIG","software_attack_id":"S3436","tidal_id":"0c7efae3-a92f-57c5-a407-0a4f84040e61","platforms":[],"associated_software":[{"id":"56d2aa13-ef6c-4f42-9ce5-fbaaee368bbf","name":"Dosia","description":"","source":"Trellix TIG","associated_software_id":"3808831f-81bf-4753-8987-87f6e883aeeb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"fec2448f-68b8-435b-b8dd-7048f082ad5b","name":"Go Stresser","description":"","source":"Trellix TIG","associated_software_id":"3620347e-1cb5-4ab1-b9f0-3d9f3b36d4d7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3006","group_id":"7c1a627e-7ea8-4919-a590-7637f1c887f3","name":"NoName057(16)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"ed52314b-2459-4c48-ac8d-813774044db7","tag":"62bde669-3020-4682-be68-36c83b2588a4"}],"owner_name":"TidalCyberIan"},{"id":"e9533664-90c5-5b40-a40e-a69a2eda8bc9","name":"DEADEYE","type":"malware","source":"MITRE","software_attack_id":"S1052","tidal_id":"f8c37fb3-372b-5ea6-a57a-5e7039f73414","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"549c4c79-c0e1-5768-ac75-0e60d807afe2","name":"DEADEYE.APPEND","description":"[[Mandiant APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]","source":"MITRE","associated_software_id":"f55765f5-c5b6-4b6d-a50d-f96793569149","owner_id":null,"owner_name":null},{"id":"27732d5a-fe42-5727-8345-e2e0051ae1d3","name":"DEADEYE.EMBED","description":"[[Mandiant APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]","source":"MITRE","associated_software_id":"a5895370-3911-4fd5-a61d-5e7cdf4eaa7b","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"b6d782a4-ef57-4668-b1be-cba80c69b1e8","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"787609d5-43b0-5c79-9b88-9788de1a5f6f","name":"DEADWOOD","type":"malware","source":"MITRE","software_attack_id":"S1134","tidal_id":"787609d5-43b0-5c79-9b88-9788de1a5f6f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[DEADWOOD](https://app.tidalcyber.com/software/787609d5-43b0-5c79-9b88-9788de1a5f6f) was previously linked to [APT33](https://app.tidalcyber.com/groups/99bbbe25-45af-492f-a7ff-7cbc57828bac) operations in 2019.[[RecordedFuture IranianResponse 
2020](https://app.tidalcyber.com/references/a83365fb-aae4-57ca-9d11-1ad14d27976f)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[DEADWOOD](https://app.tidalcyber.com/software/787609d5-43b0-5c79-9b88-9788de1a5f6f) has been used by [Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) in wiping operations.[[SentinelOne Agrius 2021](https://app.tidalcyber.com/references/b5b433a1-5d12-5644-894b-c42d995c9ba5)]","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"288c55a5-17e2-454b-8256-ecaf48fc8e05","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"64dc5d44-2304-4875-b517-316ab98512c2","name":"DealersChoice","type":"malware","source":"MITRE","software_attack_id":"S0243","tidal_id":"57d14411-2a06-5a72-8f04-27b13de93005","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Sofacy DealersChoice](https://app.tidalcyber.com/references/ec157d0c-4091-43f5-85f1-a271c4aac1fc)][[Secureworks IRON TWILIGHT Active Measures March 
2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e51f10c5-e26f-4ecb-a465-334ccad63bce","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"832f5ab1-1267-40c9-84ef-f32d6373be4e","name":"DEATHRANSOM","type":"malware","source":"MITRE","software_attack_id":"S0616","tidal_id":"b5a06e46-0114-5880-b93b-b9463ed6e868","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"34a826db-ab32-46c4-910c-c1807162ee07","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"08af45c6-0eba-4b9e-98a2-62e0c811a578","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"ff25ec03-1e8d-427e-b207-1e1ecca542ec","name":"DefaultPack","type":"tool","source":"Tidal Cyber","software_attack_id":"S3333","tidal_id":"c4c09ae4-5f4c-59fc-aea0-ea3b80c4990e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b15fb2b8-f182-4e11-95ad-41686c2c0c64","name":"DefaultPack.EXE","description":"[[DefaultPack.EXE - LOLBAS Project](/references/106efc3e-5816-44ae-a384-5e026e68ab89)]","source":"Tidal Cyber","associated_software_id":"95c59305-52c1-4d55-a9cd-8ce48e7a3a30","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"25388a85-4f6a-43db-8ad4-a8d0c42e0e49","tag":"4f7be515-680e-4375-81f6-c71c83dd440d"},{"id":"2b39684b-f460-4d8b-995f-dc7954842922","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c08c07a6-c893-48a4-b27f-0876f9c412d9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e8830cf3-53f3-4d15-858c-584589405fad","name":"Defender Control","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3031","tidal_id":"54466477-2f1b-5633-8ac9-c937d3a101fe","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"60306ae7-71fd-4369-b4d8-844bae24d3d8","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"3c3829fa-41d4-48a6-98bf-0623fb2c0a20","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"457b5e3d-4fb6-4bd7-b401-8fe1d8727125","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"049fd609-37fb-4e7f-9139-09c221bc8daf","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"fa851d89-1157-40f7-828c-e228d1bf393f","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"81ca0d4e-fac5-4a95-b374-eae2d18c9766","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"b63ba1af-6b3f-4398-9d2d-9b19e142987d","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"4f95d2a2-41e0-403d-a2fc-ab7074c91ad1","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"1e4b521a-dab8-4edc-8c53-675da6c6b025","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"7df912f5-b264-436e-8640-79440f09e5e9","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"911d8f07-b846-4697-a81a-20afc95481eb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f484fae4-53ca-456b-89f1-3a583beacb9e","name":"Demodex","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3407","tidal_id":"3880c4c2-eb91-5f1d-8513-4d76befad567","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)][[Sygnia July 17 2024](/references/7d30acb4-9600-46bd-a800-1c7e1149e9b4)]","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)][[Sygnia July 17 2024](/references/7d30acb4-9600-46bd-a800-1c7e1149e9b4)]","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e197d3a0-6536-4ab1-82c6-f1a5da728395","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"64820bda-c4dc-4496-82f1-564b9df257b5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5781d8b1-3cb3-4d92-aa9c-0fef366a52f7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"df4002d2-f557-4f95-af7a-9a4582fb7068","name":"Denis","type":"malware","source":"MITRE","software_attack_id":"S0354","tidal_id":"c2f5916e-5b01-5892-99d0-aa52759bb000","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason Oceanlotus May 2017](https://app.tidalcyber.com/references/1ef3025b-d4a9-49aa-b744-2dbea10a0abf)][[Cybereason Cobalt Kitty 
2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"33be10a3-3d0f-48bb-9883-81df9a724d2c","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"3c14ea0a-c85f-41b3-acd0-15d2565e3e07","name":"Denonia","type":"malware","source":"Tidal Cyber","software_attack_id":"S3126","tidal_id":"3fd7562c-2884-5d82-85e4-4c2b1c03983b","platforms":[{"id":"43852676-3efd-4800-856b-4d74903d26ba","name":"IaaS"}],"associated_software":[],"groups":[],"tags":[{"id":"cf5257d3-a3fe-4e48-9851-60f4e30f9ea1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d42bffca-f237-4b13-abcc-258e6197bf0e","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"11e457df-e8c4-4054-9cbb-57d38e1ffe98","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"},{"id":"04e21131-be8a-4502-a788-fa1b2f3dc9a6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9222aa77-922e-43c7-89ad-71067c428fb2","name":"Derusbi","type":"malware","source":"MITRE","software_attack_id":"S0021","tidal_id":"a6eac87b-9ab9-5d67-a033-0168f1296003","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b737bb44-6f18-412c-a84d-a08d66f7a0b2","name":"PHOTO","description":"[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]","source":"MITRE","associated_software_id":"92b622fe-1002-49f7-87ca-e97046f6ed40","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)][[CISA AA21-200A APT40 July 
2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ThreatConnect Anthem](https://app.tidalcyber.com/references/61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec)]","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)][[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0690b69a-51ad-482f-b069-90cd4e30a902","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1863a7e2-6212-48a0-b109-15d0198b93e2","name":"Desk","type":"tool","source":"Tidal Cyber","software_attack_id":"S3309","tidal_id":"48108f87-7ad5-5194-9fd8-9a68bec5a946","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"83c48bfd-5c8f-406f-ab7f-63a9bd17dcbd","name":"Desk.cpl","description":"[[Desk.cpl - LOLBAS Project](/references/487a54d9-9f90-478e-b305-bd041af55e12)]","source":"Tidal 
Cyber","associated_software_id":"670ed300-364b-45ad-ad7f-732d13365571","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c2f5a1aa-9f65-41da-8390-148ec1802870","tag":"7ad2b1d5-c228-4bf5-bf8e-c80a8fef0079"},{"id":"734f82f7-9eed-4461-aa5e-9ded1e84b5d1","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a137c4ea-d18e-4ebe-8eae-5704b196df47","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"1b31652d-30bb-4c6e-bfe1-f2921a0aa64e","name":"Desktopimgdownldr","type":"tool","source":"Tidal Cyber","software_attack_id":"S3212","tidal_id":"7b8395fb-238c-5386-8ad7-3585cd50c442","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7c4bf9f5-dfaa-46df-8803-83ae323f9f58","name":"Desktopimgdownldr.exe","description":"[[Desktopimgdownldr.exe - LOLBAS Project](/references/1df3aacf-76c4-472a-92c8-2a85ae9e2860)]","source":"Tidal Cyber","associated_software_id":"75e0d2df-7f93-4b5a-b085-4d2dfdac1348","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"48f346fb-03a2-4d71-995e-56b5228baea9","tag":"acc0e091-a071-4e83-b0b1-4f3adebeafa3"},{"id":"2bff6801-87cb-4477-9a52-c1b1c6adc53a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d91fcc17-881c-4271-9614-96f942a9d9a1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b99bdf39-8dcf-4bae-95af-b029d48cb579","name":"DeviceCredentialDeployment","type":"tool","source":"Tidal Cyber","software_attack_id":"S3213","tidal_id":"61266725-83a5-5530-b38c-c257abd84fca","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"28423085-6247-4ae2-94bd-b4a66e148456","name":"DeviceCredentialDeployment.exe","description":"[[DeviceCredentialDeployment.exe - LOLBAS Project](/references/fef281e8-8138-4420-b11b-66d1e6a19805)]","source":"Tidal 
Cyber","associated_software_id":"5a91980c-cdb3-4dde-b38d-175c5af960f3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4732f39b-acee-4efa-acbb-ebdb14dd92e2","tag":"2a08c2eb-e90e-4bdb-a2dd-9da06de7ed25"},{"id":"f17520cc-9153-445f-ba38-754d8d3cdb41","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a7c2551d-1d55-42d7-9f98-01a55b5aa1f0","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"102714a0-6b18-4d05-83c2-dd2929ce685a","name":"Devinit","type":"tool","source":"Tidal Cyber","software_attack_id":"S3334","tidal_id":"53fa20b4-c3ae-54ee-904c-5c147e8db328","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bb16053d-2311-404e-84e3-64574e4ad3ad","name":"Devinit.exe","description":"[[Devinit.exe - LOLBAS Project](/references/27343583-c17d-4c11-a7e3-14d725756556)]","source":"Tidal Cyber","associated_software_id":"34e99ddb-8992-4b3a-acaf-e95bf601777e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"335b0aff-8042-4185-8752-3ca8f125265c","tag":"bb814941-0155-49b1-8f93-39626d4f0ddd"},{"id":"7cf958ab-621f-48c2-a710-d20a740f5abe","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"e778ebf6-290b-47ca-8df9-d13967130138","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"0f3de387-e3de-440a-9d73-1371a9dfcadf","name":"Devman Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3500","tidal_id":"ef5002ea-b78f-5d27-9f9d-d6383d89579f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cyble Safepay Devman June 3 2025](/references/49840002-47ee-4a77-9ceb-577752798dc0)]","group_attack_id":"G3110","group_id":"b7b61ba1-7b0c-4568-a5ee-8b6634ed5b60","name":"Devman Ransomware 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"93cd0157-9dc9-4333-807d-98ffb7152e03","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"0fc0b7cf-2bc6-4c81-94bc-5c34afb92a66","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"4024e2d1-e9fe-4e67-8c52-91b574a1862d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"abce4f9b-005c-4bd8-8f01-1272cc1b65b3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6e213e33-c2e5-494f-bc1a-bf672f95dcf8","name":"Devtoolslauncher","type":"tool","source":"Tidal Cyber","software_attack_id":"S3335","tidal_id":"e4911c2f-7c22-5418-91a6-0dc63fd50173","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ece06fad-6fc1-4e81-a01d-16983b867a82","name":"Devtoolslauncher.exe","description":"[[Devtoolslauncher.exe - LOLBAS Project](/references/cb263978-019c-40c6-b6de-61db0e7a8941)]","source":"Tidal Cyber","associated_software_id":"9fcdac31-4219-4b10-83e6-b1c85f96de60","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"66ec1274-1cf9-4aa4-945b-5633be59f834","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"3a8d8e8f-1135-4329-b4b4-2f2c239eda3a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"672d80fe-656e-4b1b-8234-ebf2c5339166","name":"devtunnel","type":"tool","source":"Tidal Cyber","software_attack_id":"S3373","tidal_id":"62ec8283-7e5b-534b-9a08-896918007ba9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dbe1da7a-4233-4a8e-84a1-daa8e7422edb","name":"devtunnel.exe","description":"[[devtunnel.exe - LOLBAS Project](/references/657c8b4c-1eee-4997-8461-c7592eaed9e8)]","source":"Tidal 
Cyber","associated_software_id":"02bce9ff-2975-4b0a-a8ab-8aaba3660803","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d521a02b-fd15-4b44-969e-9591fec04ef2","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c080731c-6750-4656-ad2d-54ef78595c0f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ff0b0792-5dd0-4e10-8b84-8da93a0198aa","name":"DEWMODE","type":"malware","source":"Tidal Cyber","software_attack_id":"S3059","tidal_id":"7c50b75d-e7a4-5409-a7f5-6739710164c3","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"fc89a46f-c0a4-42a9-9cf6-aaa82e8251c2","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"5bb7f57b-d920-4c91-911c-bba297759451","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"b396eb52-3b6a-44e9-9534-d8b981a52192","name":"Dfshim","type":"tool","source":"Tidal Cyber","software_attack_id":"S3310","tidal_id":"116b12f1-b442-5e81-8f4a-3818c22d17ab","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"26a2d51b-6d8b-45fa-a796-9d0453f3d5a7","name":"Dfshim.dll","description":"[[Dfshim.dll - LOLBAS Project](/references/30503e42-6047-46a9-8189-e6caa5f4deb0)]","source":"Tidal Cyber","associated_software_id":"92344064-ad27-4fa5-8d50-fa56ff279213","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"cfc16886-c2bb-4de4-a85d-b99827ef2fc0","tag":"91fd24c3-f371-4c3b-b997-cd85e25c0967"},{"id":"dad4d59b-ba97-45c2-b037-0deee495b1a0","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"35014889-f9af-47e6-9792-cb08861b407e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f85966ec-0c4d-4f7e-949f-bb73828bf601","name":"Dfsvc","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3214","tidal_id":"e16458c1-8463-51ff-a00e-f40ad4da9a49","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6ff08a83-bfb2-44e6-b1da-596c71171e47","name":"Dfsvc.exe","description":"[[Dfsvc.exe - LOLBAS Project](/references/7f3a78c0-68b2-4a9d-ae6a-6e63e8ddac3f)]","source":"Tidal Cyber","associated_software_id":"a9e71535-14ff-4715-a9f4-fac62b04753e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"857a630a-691a-4147-b3a4-a5fd6ee10e91","tag":"18d6d91d-7df0-44c8-88fe-986d9ba00b8d"},{"id":"95ea7cbd-c592-47ba-8a87-633ed3066eb3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c205e6d9-4435-409b-bde7-8d9f5a533c73","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"054ddf05-e9f0-4d14-8493-2a1b2ddbefad","name":"Diantz","type":"tool","source":"Tidal Cyber","software_attack_id":"S3215","tidal_id":"a7d4092b-a346-5bff-a0be-2b6d877c0144","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"665e5831-6600-470e-a375-ba7fad39d729","name":"Diantz.exe","description":"[[diantz.exe_lolbas](/references/66652db8-5594-414f-8a6b-83d708a0c1fa)]","source":"Tidal 
Cyber","associated_software_id":"6e0bb5fd-f650-4ba0-bd6f-d6b90b1a7777","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"919e46b5-25b2-4158-bf67-7997bd56e9fb","tag":"96f9b39f-0c59-48a0-9702-01920c1293a7"},{"id":"8df3a3cc-9f1d-4e34-969a-01fd53b18d19","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"71849247-f5df-4d32-b9a9-1bb1bdd9e688","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d057b6e7-1de4-4f2f-b374-7e879caecd67","name":"Diavol","type":"malware","source":"MITRE","software_attack_id":"S0659","tidal_id":"892485e5-0d78-5014-9549-4eec86ca6b3d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d606b31f-5508-4224-bd2a-f7c2b754a299","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9fa1871e-71d1-4dfa-b4d0-d940bf6347ae","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"226ee563-4d49-48c2-aa91-82999f43ce30","name":"Dipsind","type":"malware","source":"MITRE","software_attack_id":"S0200","tidal_id":"8c77a5c9-71cc-56f4-bab8-dc631a534417","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft PLATINUM April 
2016](https://app.tidalcyber.com/references/d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297)]","group_attack_id":"G0068","group_id":"f036b992-4c3f-47b7-a458-94ac133bce74","name":"PLATINUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"194314e3-4edc-5346-96b6-d2d7bf5d830a","name":"Disco","type":"malware","source":"MITRE","software_attack_id":"S1088","tidal_id":"11c7a5cf-7fbd-5eaa-9eed-41f1a279d1ce","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MoustachedBouncer ESET August 2023](https://app.tidalcyber.com/references/9070f14b-5d5e-5f6d-bcac-628478e01242)]","group_attack_id":"G1019","group_id":"f31df12e-66ea-5a49-87bc-2bc1756a89fc","name":"MoustachedBouncer","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"07c49566-5bea-44dc-b81f-e6c90bda9c39","name":"Diskshadow","type":"tool","source":"Tidal Cyber","software_attack_id":"S3216","tidal_id":"6bcc39ef-6970-55ef-8ccb-84873b40bcca","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4bd84850-5a38-448f-8497-402d8f6b500b","name":"Diskshadow.exe","description":"[[Diskshadow.exe - LOLBAS Project](/references/27a3f0b4-e699-4319-8b52-8eae4581faa2)]","source":"Tidal Cyber","associated_software_id":"84346cb2-601a-45ff-9d88-f0516cfaa688","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"137b2001-5159-4109-8139-17870486d7f2","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a3e848b6-a6ce-404f-a2f8-985f0d7ad138","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3fd09997-86e0-4dce-935e-421863e9bad0","name":"Dnscmd","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3217","tidal_id":"87e55289-ceff-506f-b764-99a62bfafece","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3c1aab35-432c-49c8-b71b-0cc21694be8a","name":"Dnscmd.exe","description":"[[Dnscmd.exe - LOLBAS Project](/references/3571ca9d-3388-4e74-8b30-dd92ef2b5f10)]","source":"Tidal Cyber","associated_software_id":"16a67a60-df5f-443e-b0f3-07254ce0b923","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b0f2be97-a073-4735-ad90-fc3f3eadc5e2","tag":"a45f9597-09c4-4e70-a7d3-d8235d2451a3"},{"id":"a62ab514-b027-49ad-bc7a-26a894f3f416","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"ab66b36d-e294-410c-9f47-bdae234de882","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"3ea75516-f826-472a-afb2-cde6c1e51cde","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a1dfe01c-3da5-4228-aab6-8afc33da5538","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"3adaaa91-913f-4bc0-b5fc-4eda1fc0d53a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a8aad191-ecec-4b1c-a590-96f702a16df2","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b4eca068-083c-4490-961f-58698de744e8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e69a913d-4ddc-4d69-9961-25a31cae5899","name":"DnsSystem","type":"malware","source":"MITRE","software_attack_id":"S1021","tidal_id":"256b2f00-a573-5f11-b82d-e74c7fa15698","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Zscaler Lyceum DnsSystem June 
2022](https://app.tidalcyber.com/references/eb78de14-8044-4466-8954-9ca44a17e895)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e2bdda2e-54b4-4d35-b7e5-4e20626a4481","name":"dnx","type":"tool","source":"Tidal Cyber","software_attack_id":"S3336","tidal_id":"08781154-c4ba-5237-98b6-61c71b4749ea","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"631a3049-8904-465c-944d-84be82c04bab","name":"dnx.exe","description":"[[dnx.exe - LOLBAS Project](/references/50652a27-c47b-41d4-a2eb-2ebf74e5bd09)]","source":"Tidal Cyber","associated_software_id":"2e252d44-c667-4570-950b-255c7f291f24","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"49a443c6-05d6-43bd-9193-cda5298ac309","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d6568b2f-f687-4ca6-9a7f-b8fe44308807","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"81ce23c0-f505-4d75-9928-4fbd627d3bc2","name":"DOGCALL","type":"malware","source":"MITRE","software_attack_id":"S0213","tidal_id":"a481a5ac-873b-5c81-93e7-48d6edd8ba61","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)][[Unit 42 Nokki Oct 
2018](https://app.tidalcyber.com/references/4eea6638-a71b-4d74-acc4-0fac82ef72f6)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"1b79e403-f2a4-4948-be27-70fce525c569","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"dfa14314-3c64-4a10-9889-0423b884f7aa","name":"Dok","type":"malware","source":"MITRE","software_attack_id":"S0281","tidal_id":"760e3197-db01-5ee4-87ff-e4d5d98c7ee7","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"2225ca1f-ef5e-4f0b-aa21-b1d48d1570f1","name":"Retefe","description":"[[objsee mac malware 2017](https://app.tidalcyber.com/references/08227ae5-4086-4c31-83d9-459c3a097754)].","source":"MITRE","associated_software_id":"83b39733-9672-4272-922f-7883d91ca94b","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"e6160c55-1868-47bd-bec6-7becbf236bbb","name":"Doki","type":"malware","source":"MITRE","software_attack_id":"S0600","tidal_id":"bac71e41-5ddd-52ac-bfe1-d4d369dbea4f","platforms":[{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"3a709774-1b11-489f-9db9-2ced73d361df","tag":"efa33611-88a5-40ba-9bc4-3d85c6c8819b"}],"owner_name":null},{"id":"49a5c24f-98f5-47ea-8e29-7ff723883341","name":"DomainPasswordSpray","type":"tool","source":"Tidal Cyber","software_attack_id":"S3404","tidal_id":"f174fca5-7387-5fd2-9783-c738dadb1a52","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7469d083-ff22-4ac7-ab10-9b27af7717b7","name":"DomainPasswordSpray.ps1","description":"[[U.S. 
CISA Iranian Actors Critical Infrastructure October 16 2024](/references/a70a4487-eaae-43b3-bfe0-0677fd911959)]","source":"Tidal Cyber","associated_software_id":"e15bb9fe-023f-411d-ba8d-28e3bb0eccda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"9ef6714c-0e68-4113-b758-2f21e705fe8d","tag":"51006447-540b-4b9d-bdba-1cbff8038ae9"},{"id":"af41dbfd-e5ad-461f-a7ab-3627fe0bf040","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"083d4d0b-82c1-44c4-8b64-10487e5a45ab","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"c1eb8e19-501e-4f9e-88de-76eeba2d40e1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5202e094-910a-42b7-8fb4-81cceb9360d0","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"797f0720-c43b-4adc-b779-cb37e8fddaa3","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":"TidalCyberIan"},{"id":"40d25a38-91f4-4e07-bb97-8866bed8e44f","name":"Donut","type":"tool","source":"MITRE","software_attack_id":"S0695","tidal_id":"9bab2c49-6bbf-535e-b46b-6f4434f9d5ce","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[NCC Group WastedLocker June 2020](https://app.tidalcyber.com/references/1520f2e5-2689-428f-9ee4-05e153a52381)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6fae6fd9-a6ed-4a3a-84a7-6f270be3405b","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"7548b517-500f-455f-bd92-a712cae74c26","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"1bcd9c93-0944-4671-ab01-cabc5ffe30bf","name":"Dotnet","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3337","tidal_id":"380ddb47-7950-54e6-bb78-4162be628612","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ed161ce5-f9f8-489f-8c3c-3af96bfbcd6d","name":"Dotnet.exe","description":"[[Dotnet.exe - LOLBAS Project](/references/8abe21ad-88d1-4a5c-b79e-8216b4b06862)]","source":"Tidal Cyber","associated_software_id":"d9e30f26-11a6-48f5-bb26-d9b624b6b1d0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"038bf2bf-5ccd-485d-98a6-19e7c7224344","tag":"09c24b93-bf06-4cbb-acb0-d7b9657a41dc"},{"id":"9b04d4c0-6e37-4179-9dbf-91ae749208d5","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"febf530e-0ea0-41ee-942c-e3cfbee834b4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"bd55fa7c-7747-4d3d-8176-e6c56870b2a3","name":"DOWNBAIT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3177","tidal_id":"278d27cd-1366-5721-b870-da2ff8f60575","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"df9f5c98-f0de-41e2-ae51-2acaf11c9e02","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"f2dcbd82-447c-41cb-b5b9-f4b4c91153f4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b69f50a1-f8c3-40a5-abf0-0f561dc880f7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f7b64b81-f9e7-46bf-8f63-6d7520da832c","name":"Downdelph","type":"malware","source":"MITRE","software_attack_id":"S0134","tidal_id":"c1cf7286-55da-5ef1-917d-a1d504fb3bbe","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ad65ca9c-9315-49a6-9c5b-de64bb988b1c","name":"Delphacy","description":"","source":"MITRE","associated_software_id":"48f30a38-0b80-45ad-9f80-d99c96c79cf4","owner_id":null,"owner_name":null}],"groups":[{"description":"[[ESET Sednit Part 3](https://app.tidalcyber.com/references/7c2be444-a947-49bc-b5f6-8f6bec870c6a)][[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"aac9c347-8c22-4662-bfec-cc1b32958958","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"20b796cf-6c90-4928-999e-88107078e15e","name":"down_new","type":"malware","source":"MITRE","software_attack_id":"S0472","tidal_id":"6e281677-c85b-5b8b-984c-56791de553d9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro Tick November 2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE 
BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"fb7862d3-2e88-41f0-b0f0-baac06d83230","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"fc433c9d-a7fe-4915-8aa0-06b58f288249","name":"DownPaper","type":"malware","source":"MITRE","software_attack_id":"S0186","tidal_id":"eaddcc0e-ae0d-5939-a71d-df1bb7e6fb9e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ClearSky Charming Kitten Dec 2017](https://app.tidalcyber.com/references/23ab1ad2-e9d4-416a-926f-6220a59044ab)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"55f56475-801d-449c-abfb-f92a01d83d2a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"266a9754-aa50-4fda-a1db-456ddd898c76","name":"DragonForce Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3514","tidal_id":"f673b2a8-477b-5962-9555-36f510dc9b95","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Scattered Spider Advisory November 2023](/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"3415d0af-6700-4a57-8e26-a2d0ddf56b1f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"c5780b5a-bf82-4ea8-ab84-7543caf5f44d","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"37e944bd-5240-4df5-9215-1112f0142ccc","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"4254cdcf-ddd8-4342-a37f-6262dfd70d07","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"feb755c9-eef2-47e9-a169-c98b377ec913","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"6933e130-6b30-4c20-af58-11b96c4b72d2","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"3247c31b-73e4-48c4-afde-32911969a8b1","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"f0763a92-a9d4-479b-89e5-daa08f107e1c","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"c6c79fc5-e4b1-4f6c-a71d-d22d699d5caf","name":"DRATzarus","type":"malware","source":"MITRE","software_attack_id":"S0694","tidal_id":"fde4f818-6642-521e-8635-da8a76186346","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"e3cd4405-b698-41d9-88e4-fff29e7a19e2","name":"Dridex","type":"malware","source":"MITRE","software_attack_id":"S0384","tidal_id":"9eaef1fc-b252-5770-9a78-2557be5746a1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"350835f6-2aa1-47fa-8575-d07ffaf59c4d","name":"Bugat v5","description":"[[Dell Dridex Oct 2015](https://app.tidalcyber.com/references/f81ce947-d875-4631-9709-b54c8b5d25bc)]","source":"MITRE","associated_software_id":"614ca144-20e8-4387-b723-4a5f3cd7164b","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)][[Crowdstrike EvilCorp March 2021](https://app.tidalcyber.com/references/4b77d313-ef3c-4d2f-bfde-609fa59a8f55)][[Treasury EvilCorp Dec 
2019](https://app.tidalcyber.com/references/074a52c4-26d9-4083-9349-c14e2639c1bc)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Proofpoint TA505 Sep 2017](https://app.tidalcyber.com/references/c1fff36f-802b-4436-abce-7f2787c148db)][[Proofpoint TA505 June 2018](https://app.tidalcyber.com/references/e48dec7b-5635-4ae0-b0db-229660806c06)][[IBM TA505 April 2020](https://app.tidalcyber.com/references/bcef8bf8-5fc2-4921-b920-74ef893b8a27)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d019e768-0315-4851-a083-7e77d813af03","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"358f3c20-27f7-48e3-82cd-d26d35996e3d","name":"DRIEDMOAT","type":"malware","source":"Trellix TIG","software_attack_id":"S3438","tidal_id":"a25426bb-79fa-534a-a2bc-4800d98225a5","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"77147dcd-10fe-442b-9c5f-68649a458047","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"9c44d3f9-7a7b-4716-9cfa-640b36548ab0","name":"DropBook","type":"malware","source":"MITRE","software_attack_id":"S0547","tidal_id":"e669723c-99d6-56a4-aae1-f801ac087e9e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason Molerats Dec 
2020](https://app.tidalcyber.com/references/81a10a4b-c66f-4526-882c-184436807e1d)]","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"bb7f7c19-ffb5-4bfe-99b1-ead3525c5e7b","name":"Drovorub","type":"malware","source":"MITRE","software_attack_id":"S0502","tidal_id":"f1f87b83-f0fa-577a-a24d-6fbab43c747c","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[NSA/FBI Drovorub August 2020](https://app.tidalcyber.com/references/d697a342-4100-4e6b-95b9-4ae3ba80924b)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"367c5e33-cca6-4756-8989-5da4d8ce0a10","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"35c5fa9f-748a-4966-9cff-20232614ef2f","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"c504496f-e56b-4ab3-a243-de1f25bc9f93","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9139c12f-a6d9-4300-8735-9298bc46a0bf","name":"dsdbutil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3338","tidal_id":"c1456364-6869-5761-906e-66e1eb073272","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ce37a7fa-5501-489f-8a20-c9ace5c9885c","name":"dsdbutil.exe","description":"[[dsdbutil.exe - LOLBAS Project](/references/fc982faf-a37d-4d0b-949c-f7a27adc3030)]","source":"Tidal 
Cyber","associated_software_id":"dc0ffa58-c5d3-4ea4-ab3f-4e9e75bc92b8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b0560917-c736-4bac-b561-7ef739289ff5","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ccece1b0-0c74-4be7-b2a2-633f8028e0e2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f77708f2-2a3b-4f16-b3d2-368acbc0a557","name":"DSLog","type":"malware","source":"Trellix TIG","software_attack_id":"S3459","tidal_id":"1ce7f26b-f698-5fd5-8bf8-ca64b4fad9f0","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c6f6644f-707a-47ce-a9df-a67ca0e5efa7","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"06402bdc-a4a1-4e4a-bfc4-09f2c159af75","name":"dsquery","type":"tool","source":"MITRE","software_attack_id":"S0105","tidal_id":"16a51790-4fb4-5677-a8d7-517b785fbc6d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6f9d2012-0617-4e81-8213-98e6e6998260","name":"dsquery.exe","description":"","source":"MITRE","associated_software_id":"8e9c7640-e49f-42ea-b28f-a00e4019fb4c","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Mandiant APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye Know Your Enemy FIN8 Aug 
2016](https://app.tidalcyber.com/references/0119687c-b46b-4b5f-a6d8-affa14258392)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9e83b79f-5036-48e3-af92-1162b4da90c0","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"92b11fad-7a81-42a2-b589-494386bba013","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"c1829d53-b6e9-4079-a9bb-f8468725ef02","tag":"cb3d30b3-8cfc-4202-8615-58a9b8f7f118"},{"id":"3ba1a549-9cbe-40c5-9703-4ee60be90e0b","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"aa21462d-9653-48eb-a82e-5c93c9db5f7a","name":"Dtrack","type":"malware","source":"MITRE","software_attack_id":"S0567","tidal_id":"7de05bdd-f1e0-5c8b-9989-ac97a3b2af3b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky Dtrack](https://app.tidalcyber.com/references/0122ee35-938d-493f-a3bb-bc75fc808f62)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit42 Jumpy Pisces October 30 2024](/references/2da2d3c6-cf19-49c8-8a82-2119b14d4e03)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c0695210-da0b-4052-81c1-589e20e3899a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"13eaf685-207b-46f8-81e9-6b4dc24da935","name":"dtutil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3480","tidal_id":"6f8b977b-19b9-5962-8aa8-dfe7bdf1f3a0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"46fcada5-74f5-4de4-9565-b3f8216e4d7b","name":"dtutil.exe","description":"[[dtutil.exe - LOLBAS 
Project](/references/dc76db65-5a5a-43ab-8e84-6cd38a4524a7)]","source":"Tidal Cyber","associated_software_id":"99180fe3-cdce-4a51-a7d0-dabb242afb9f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"1681764d-e0c3-4ffe-b0ac-6c512a6251f0","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"58d021d4-1c4a-4d7a-a167-72caf87eb075","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"13482336-e22b-48e9-bd49-c6e6fc6612ec","name":"Dump64","type":"tool","source":"Tidal Cyber","software_attack_id":"S3339","tidal_id":"7b6e4f39-a457-58a2-9282-fc18f156c359","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a8818d86-a623-435b-a046-d2490b057b6c","name":"Dump64.exe","description":"[[Dump64.exe - LOLBAS Project](/references/b0186447-a6d5-40d7-a11d-ab2e9fb93087)]","source":"Tidal Cyber","associated_software_id":"cf43ff32-746a-44c9-9fbe-aa50b747f5a8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c2733c40-c0b0-470e-8013-6dac8882af55","tag":"0f09c7f5-ba57-4ef0-a196-e85558804496"},{"id":"b6fdd6da-5f0b-4011-91aa-94a8a372200b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ef1731d6-4f00-4e32-b3b3-b4f9c6470714","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"0ffc1b99-5ca1-4af4-95c7-7a311a32f911","name":"Dumpert","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3166","tidal_id":"358905e5-7d93-590f-8fb1-16ea443a6405","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"147ae3c6-1afe-4d88-80d0-cc867a61b150","tag":"bdeef9bf-b9d5-41ec-9d4c-0315709639a2"},{"id":"47de3a2e-6a4d-436b-96f3-d9f55f1a4d1d","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"211e1086-8006-45d8-b753-e4955477c462","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"e74636f4-f114-4509-8d3c-720552b9b6b8","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"8ae4f5ca-f963-4079-8280-21ec5d7d7953","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"1b985d21-ba19-4789-8abb-f7109fb3b482","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"47612ac9-11e3-408a-b50f-8795621b79b2","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d64db39f-9570-4671-92e3-d4041c13cb8b","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"60383eab-b1e7-43a9-9fdc-1673c17682ed","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"7f3bf76a-4e6a-45f1-a4bf-400d5a914e52","name":"DumpMinitool","type":"tool","source":"Tidal Cyber","software_attack_id":"S3340","tidal_id":"69cffc98-d63e-5fe7-8be6-c1698f035c05","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"85c476ba-baf2-4777-ad2d-ebe673c5ec9b","name":"DumpMinitool.exe","description":"[[DumpMinitool.exe - LOLBAS Project](/references/4634e025-c005-46fe-b97c-5d7dda455ba0)]","source":"Tidal 
Cyber","associated_software_id":"2aeee11b-2b25-4b93-ad2f-1bb60ac491a4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6a9ef1e6-b0e4-416f-88ed-19cb37e607cb","tag":"3b6ad94f-83ce-47bf-b82d-b98358d23434"},{"id":"90e73759-78da-4161-a92c-3166f2789c41","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"53a8fbf8-d10d-43f4-9f3a-4f588e6dd686","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d4a664e5-9819-4f33-8b2b-e6f8e6a64999","name":"Duqu","type":"malware","source":"MITRE","software_attack_id":"S0038","tidal_id":"de790ec5-56eb-5b3a-9403-58b9936eb04f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c685143b-8f55-475f-9fa8-decc37945984","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"}],"owner_name":null},{"id":"78454d3f-fa12-5b6f-9390-6412064d7c8d","name":"DUSTPAN","type":"malware","source":"MITRE","software_attack_id":"S1158","tidal_id":"78454d3f-fa12-5b6f-9390-6412064d7c8d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[DUSTPAN](https://app.tidalcyber.com/software/78454d3f-fa12-5b6f-9390-6412064d7c8d) has been used by [APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) in various campaigns since at least 2021.[[Google Cloud APT41 2022](https://app.tidalcyber.com/references/c65cfdde-bc7f-5cd2-b1ee-066b7cc2eb6a)][[Google Cloud APT41 
2024](https://app.tidalcyber.com/references/33bb9f8a-db9d-5dda-b4ae-2ba7fee0a0ae)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"76322fd6-8cb2-4d4c-bb11-4bf2184a52c1","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"ed72d5bb-2cf7-51a4-9d76-97fbd11c54d0","name":"DUSTTRAP","type":"malware","source":"MITRE","software_attack_id":"S1159","tidal_id":"ed72d5bb-2cf7-51a4-9d76-97fbd11c54d0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[DUSTTRAP](https://app.tidalcyber.com/software/ed72d5bb-2cf7-51a4-9d76-97fbd11c54d0) is used by [APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9).[[Google Cloud APT41 2024](https://app.tidalcyber.com/references/33bb9f8a-db9d-5dda-b4ae-2ba7fee0a0ae)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"38a54dec-eb93-4863-8f97-901897ac2718","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"77506f02-104f-4aac-a4e0-9649bd7efe2e","name":"DustySky","type":"malware","source":"MITRE","software_attack_id":"S0062","tidal_id":"a3a853b7-8d09-54b1-b985-3f4bd8981065","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d1c03706-295a-4266-aaff-8383523be9c9","name":"NeD Worm","description":"","source":"MITRE","associated_software_id":"f41beff8-0ae1-48d6-bb13-b47c4763f4d1","owner_id":null,"owner_name":null}],"groups":[{"description":"[[DustySky](https://app.tidalcyber.com/references/b9e0770d-f54a-4ada-abd1-65c45eee00fa)][[DustySky2](https://app.tidalcyber.com/references/4a3ecdec-254c-4eb4-9126-f540bb21dffe)][[Kaspersky MoleRATs April 
2019](https://app.tidalcyber.com/references/38216a34-5ffd-4e79-80b1-7270743b728e)]","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"497e8d8d-ecce-44c8-93a9-120faab55fb3","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"9b5039b9-c5f1-4516-88ef-f63966ec2b36","name":"Dxcap","type":"tool","source":"Tidal Cyber","software_attack_id":"S3341","tidal_id":"abe7d8a5-61a8-53f5-9c01-671af8e02d84","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3695b720-e485-41d3-b135-d3025c199cc6","name":"Dxcap.exe","description":"[[Dxcap.exe - LOLBAS Project](/references/7611eb7a-46b7-4c76-9728-67c1fbf20e17)]","source":"Tidal Cyber","associated_software_id":"71444288-becb-435f-b1f9-b4abce44d092","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c2910d09-b92b-42a5-934d-103ec3571f08","tag":"6d065f28-e32d-4e87-b315-c43ebc45532a"},{"id":"7b753cb5-704d-49a9-ad18-2e55225b98ae","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f823db11-5ee5-4469-a337-40dda1dc0dcb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"38e012f7-fb3a-4250-a129-92da3a488724","name":"Dyre","type":"malware","source":"MITRE","software_attack_id":"S0024","tidal_id":"e3ed8203-0121-5d3c-8b33-44ed71c2fb67","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1eb50200-1a51-4829-ac96-6f74430bbe3a","name":"Dyzap","description":"[[Sophos Dyreza April 2015](https://app.tidalcyber.com/references/50f9aa49-dde5-42c9-ba5c-f42281a71b7e)]","source":"MITRE","associated_software_id":"5cad75f1-7395-4eb1-9370-c36857b4fcb4","owner_id":null,"owner_name":null},{"id":"5df5b306-56dc-41d2-8a8f-91947d1d6e66","name":"Dyreza","description":"[[Sophos Dyreza April 
2015](https://app.tidalcyber.com/references/50f9aa49-dde5-42c9-ba5c-f42281a71b7e)]","source":"MITRE","associated_software_id":"ee1346ac-a3e0-45dd-963c-497fca47c3e8","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Forbes Dyre May 2017](https://app.tidalcyber.com/references/8fb3ef2f-3652-4563-8921-2c601d1b9bc9)][[CrowdStrike Wizard Spider March 2019](https://app.tidalcyber.com/references/d7001d6f-97a1-4155-8f74-3d878d4cbb27)][[Malwarebytes TrickBot Sep 2019](https://app.tidalcyber.com/references/4d6d258f-a57f-4cfd-880a-1ecd98e26d9f)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ee14e483-b5ef-4931-9c2a-72046b6555cc","name":"Earthworm","type":"tool","source":"Tidal Cyber","software_attack_id":"S3053","tidal_id":"7adc85a6-67a3-5cfa-9b5b-2305728e4f63","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"37a87408-46fc-432a-b3eb-d440e4ad0369","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"f3e6a980-8705-4fee-94f5-600e2ff958d3","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"642a4167-03cb-4608-8f1e-ca523d121844","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"77c3d21c-4480-4a99-80c6-ba065daf2d6d","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"da398264-fb88-4d06-a693-2a5f404a0db9","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"920a805f-ac92-4ea5-b3c6-12efbcf4346f","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f5485ec9-0447-4969-b8cb-755de21f49f7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2375465a-e6a9-40ab-b631-a5b04cf5c689","name":"Ebury","type":"malware","source":"MITRE","software_attack_id":"S0377","tidal_id":"30b5cd32-01a8-5cbe-93b0-eaf273df7fdd","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[ESET Ebury Oct 2017](https://app.tidalcyber.com/references/5257a8ed-1cc8-42f8-86a7-8c0fd0e553a7)]","group_attack_id":"G0124","group_id":"eeb69751-8c22-4a5f-8da2-239cc7d7746c","name":"Windigo","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"70f703b3-0e24-4ffe-9772-f0e386ec607f","name":"ECCENTRICBANDWAGON","type":"malware","source":"MITRE","software_attack_id":"S0593","tidal_id":"60c87400-2efe-5bea-9e32-e99e4a268c05","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA AA20-239A BeagleBoyz August 
2020](https://app.tidalcyber.com/references/a8a2e3f2-3967-4e82-a36a-2436c654fb3f)]","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA EB Aug 2020](https://app.tidalcyber.com/references/a1b143f9-ca85-4c11-8909-49423c9ffeab)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ef28eb75-a127-471f-a0a2-dfccfef9ee2e","name":"echo","type":"tool","source":"Trellix TIG","software_attack_id":"S3464","tidal_id":"a8914859-4080-5baf-a547-74e81a03ad2f","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"f67b1628-5dc8-4cdb-8b85-9c3007bb21e1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6508d3dc-eb22-468c-9122-dcf541caa69c","name":"Ecipekac","type":"malware","source":"MITRE","software_attack_id":"S0624","tidal_id":"f9e3fe9a-be04-545b-97f6-d5ecdc714a34","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"078fc151-e008-4984-a3bc-a6678e279e66","name":"SigLoader","description":"[[Securelist APT10 March 
2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","source":"MITRE","associated_software_id":"8c68d850-b73d-40d8-9499-26ec1c1dbbb2","owner_id":null,"owner_name":null},{"id":"7a48fb2f-6237-412d-bc9e-cc7dc2658800","name":"HEAVYHAND","description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","source":"MITRE","associated_software_id":"3c935fc9-aedf-4800-b6a1-f52612702600","owner_id":null,"owner_name":null},{"id":"01b34b53-64bf-4504-b18f-44f05a504a57","name":"DESLoader","description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","source":"MITRE","associated_software_id":"a24219ab-2f4a-4922-864c-ea07e354bab2","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1233436f-2a00-4557-89a4-8cbc45e6f9f7","name":"EDRKillShifter","type":"malware","source":"Tidal Cyber","software_attack_id":"S3147","tidal_id":"64f5ce4c-e698-5c74-a0ca-09e5d2401b75","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Sophos News August 14 2024](/references/d0811fd4-e89d-4337-9bc1-a9a8774d44b1)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[WeLiveSecurity CosmicBeetle September 10 
2024](/references/8debba29-4d6d-41d2-8772-f97c7d49056b)]","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"11401aed-3863-4da3-8d26-a80c2e0ff3ed","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"233c16d9-c11c-4c8b-8370-699443e8f556","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1f5d11ad-d9ed-421c-a580-9823e1e2b475","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fbd2d7b0-0aa8-459f-8bfa-16daae769282","name":"EDRSandBlast","type":"tool","source":"Tidal Cyber","software_attack_id":"S3165","tidal_id":"1e16ad39-0b60-58dd-bc90-bf99e7a59eaa","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Morphisec September 3 2024](/references/90549699-8815-45e8-820c-4f5a7fc584b8)]","group_attack_id":"G3051","group_id":"7a28cff6-80df-49e1-8457-a0305e736897","name":"Cicada3301 Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"452134e8-5b2a-4c7b-9c26-f028eed33040","tag":"835c9c79-3824-41ec-8d5a-1e2526e89e0b"},{"id":"d6a3acd6-5106-4999-abde-8c487c10b9fb","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"350b09b1-8ef3-4ea4-bbb8-f8d216b24096","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"dd5d4f0b-5d7b-4c49-a059-a9a3e72b94ec","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"6c54a849-13cc-44eb-ac60-d161fe919c6d","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"a2e277d6-8f75-4caa-b098-04b2336d6eac","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"}],"owner_name":"TidalCyberIan"},{"id":"9c62329b-d02e-457a-9add-4df749eb7f54","name":"EDRSilencer","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3405","tidal_id":"c5960f79-af3f-512d-b16e-6c4f0f3b4922","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"dce14f61-23b5-4997-83ea-a1ad6e6bb12e","tag":"3eb94192-3889-4cde-8c5f-460afa2fccce"},{"id":"cd2c7e9d-29c5-4a03-9320-f7d9d6ee0e1d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c97bff4f-3c27-4be8-860b-5e1b3826e6c1","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"}],"owner_name":"TidalCyberIan"},{"id":"d1279b84-11f4-4804-9e5e-05c650960aac","name":"Edumper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3157","tidal_id":"6fdd28a2-5313-5ad3-9bf6-a60efe79efc9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3a3cdf81-056d-45c4-bafc-365ede9ec1fd","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"0038fc6b-7f24-43fc-96e7-5998c253c10b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"46cb770c-8792-4023-8ead-55c22020dd89","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0e36b62f-a6e2-4406-b3d9-e05204e14a66","name":"Egregor","type":"malware","source":"MITRE","software_attack_id":"S0554","tidal_id":"f33ab5b9-6bbb-5ba7-8ace-b9357b14b2e6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e7e43967-f066-4bd1-8afe-ce1931b0ccd8","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"85fc156c-0a29-48ed-97cd-8adefb32ae04","tag":"3c3f9078-5d1e-4c29-a5eb-28f237bbd1ad"},{"id":"c1add7f5-b554-4986-b30e-f67868c60e33","tag":"0ed7d10c-c65b-4174-9edb-446bf301d250"},{"id":"f685d33b-7f7e-49cb-8dbc-2ab83d144362","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"13e8adc8-fa71-4090-a589-1fc97f8da455","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"b07485b6-77d8-4b28-a272-4ead1ea2fcc2","name":"eHorus","type":"tool","source":"Tidal Cyber","software_attack_id":"S3445","tidal_id":"c991a318-a5f5-50d7-9369-286570843915","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e04d10f5-0364-43b6-8544-d9de53a5bc6a","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"1fa1227a-e0ee-49dd-b222-0aa827a0aae9","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"c8f123b3-bacb-45e2-9835-1851ae746b4e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a16f30f3-d339-4d6e-8f16-c73bafd801c5","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"06eb15d3-34c5-48bd-ba41-0b91cdb93b35","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"cd7821cb-32f3-4d81-a5d1-0cdee94a15c4","name":"EKANS","type":"malware","source":"MITRE","software_attack_id":"S0605","tidal_id":"ce440376-8780-5505-8fec-e339d8a4f3c9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7eed201b-5296-4e1d-aef8-09020912ee1e","name":"SNAKEHOSE","description":"[[FireEye Ransomware Feb 
2020](https://app.tidalcyber.com/references/44856547-2de5-45ff-898f-a523095bd593)]","source":"MITRE","associated_software_id":"de4852b9-1f8b-4ef2-b3da-29be62458ea5","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"00016447-d88f-431f-866b-31651928eb2f","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"319f01b7-9cf2-487c-9c53-44ad4074cf15","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"3e3a084c-154a-468d-a9d4-6673c60f9e82","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"a2ad5253-e31b-432c-804d-971be8652344","name":"Eldorado Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3145","tidal_id":"639be676-6c19-5fb0-a69a-15f1bd102f85","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Group-IB July 3 2024](/references/50148a85-314c-4b29-bdfc-913ab647dadf)]","group_attack_id":"G3045","group_id":"26e1c52e-0c48-4cd0-bdc5-9cf981a6e714","name":"Eldorado Ransomware Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"2e03f8f5-9a8e-473e-89e6-802c7e718e6b","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"d119f3f9-240a-42c2-bdc1-1c3fd6ea0c7f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"3236bee0-18a6-4935-9a09-75bb0e08d2a6","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"d31fbf69-fa89-45b6-b6a5-1e6c37cc6378","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"115e696b-55d1-42f0-a592-cd0c7c85e72e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bb548f6c-b76a-43ec-a988-2f7c180b135e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fd5efee9-8710-4536-861f-c88d882f4d24","name":"Elise","type":"malware","source":"MITRE","software_attack_id":"S0081","tidal_id":"01a4daca-ee23-5c93-bcae-43703610415c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c77bf151-07c8-43e2-9939-80d41fb72305","name":"BKDR_ESILE","description":"[[Lotus Blossom Jun 2015](https://app.tidalcyber.com/references/46fdb8ca-b14d-43bd-a20f-cae7b26e56c6)]","source":"MITRE","associated_software_id":"12b94df0-6a70-4946-8672-72e770bc12a1","owner_id":null,"owner_name":null},{"id":"7bcca200-50e1-4a9d-8132-cecee4ba978e","name":"Page","description":"[[Lotus Blossom Jun 2015](https://app.tidalcyber.com/references/46fdb8ca-b14d-43bd-a20f-cae7b26e56c6)]","source":"MITRE","associated_software_id":"87856d15-2fdc-42fd-b8c0-d48505ec5691","owner_id":null,"owner_name":null}],"groups":[{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [Elise](https://app.tidalcyber.com/software/fd5efee9-8710-4536-861f-c88d882f4d24).[[Spring Dragon Jun 2015](https://app.tidalcyber.com/references/2cc38587-a18e-47e9-a8bb-e3498e4737f5)][[Accenture Dragonfish Jan 2018](https://app.tidalcyber.com/references/f692c6fa-7b3a-4d1d-9002-b1a59f7116f4)]","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus 
Blossom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"58edd693-6296-4918-9894-e5cf2b2534c1","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"6a3ca97e-6dd6-44e5-a5f0-7225099ab474","name":"ELMER","type":"malware","source":"MITRE","software_attack_id":"S0064","tidal_id":"96fbce83-3d5a-50b6-81ef-036bf0d9d1e2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye EPS Awakens Part 2](https://app.tidalcyber.com/references/7fd58ef5-a0b7-40b6-8771-ca5e87740965)]","group_attack_id":"G0023","group_id":"06a05175-0812-44f5-a529-30eba07d1762","name":"APT16","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2470a398-4507-4e82-bcc4-1a70ee6efb4c","name":"Embargo Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3389","tidal_id":"3560ac81-c9cb-5201-ab11-6290d3e9a92c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"0810802b-f476-4177-9645-affd9ca417ad","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"f7426bd5-1d7c-4aac-b7f4-6810b16c0b78","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"1e568907-0b43-46fb-b2d8-703182270c02","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"6c87b4b9-14c8-410d-8e4e-559b857418df","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9eb072eb-2169-476e-a63c-f68abb0f2c27","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fd95d38d-83f9-4b31-8292-ba2b04275b36","name":"Emissary","type":"malware","source":"MITRE","software_attack_id":"S0082","tidal_id":"7298d327-e33e-556b-8505-576b06d39c94","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [Emissary](https://app.tidalcyber.com/software/fd95d38d-83f9-4b31-8292-ba2b04275b36).[[Lotus Blossom Dec 2015](https://app.tidalcyber.com/references/dcbe51a0-6d63-4401-b19e-46cd3c42204c)][[Emissary Trojan Feb 2016](https://app.tidalcyber.com/references/580ce22f-b76b-4a92-9fab-26ce8f449ab6)]","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c987d255-a351-4736-913f-91e2f28d0654","name":"Emotet","type":"malware","source":"MITRE","software_attack_id":"S0367","tidal_id":"10d70186-7aff-5aa1-b093-faa7ff945fa8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fb223f10-20b0-4647-9383-3041ad7001b6","name":"Geodo","description":"[[Trend Micro Emotet Jan 
2019](https://app.tidalcyber.com/references/a81f1dad-5841-4142-80c1-483b240fd67d)]","source":"MITRE","associated_software_id":"ee981808-fa0c-462c-b767-e48f1ca7122a","owner_id":null,"owner_name":null}],"groups":[{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. HHS Royal & BlackCat Alert](/references/d1d6b6fe-ef93-4417-844b-7cd8dc76934b)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike Grim Spider May 2019](https://app.tidalcyber.com/references/103f2b78-81ed-4096-a67a-dedaffd67e9b)][[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard 
Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c14d4cfa-806f-411a-85ba-7357a2954985","tag":"71dfe8d1-666f-4e71-8761-d2876078fb3e"},{"id":"9b2dd542-98ea-4713-ac08-47513240ab49","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"d59c3c98-0623-4522-bc3d-a2967d4b5ed6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"fea655ac-558f-4dd0-867f-9a5553626207","name":"Empire","type":"tool","source":"MITRE","software_attack_id":"S0363","tidal_id":"670cfd82-17d8-5033-bc39-f37760664c0f","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"170fe9fa-1386-490d-97d4-b4a099fbd686","name":"EmPyre","description":"[[Github PowerShell Empire](https://app.tidalcyber.com/references/017ec673-454c-492a-a65b-10d3a20dfdab)]","source":"MITRE","associated_software_id":"55859df1-5c3b-4b9b-b0d0-39c5c82c59f9","owner_id":null,"owner_name":null},{"id":"c313912e-cd3c-4ae8-ab5a-c3ab40585762","name":"PowerShell Empire","description":"[[Github PowerShell Empire](https://app.tidalcyber.com/references/017ec673-454c-492a-a65b-10d3a20dfdab)]","source":"MITRE","associated_software_id":"8745d0f6-8771-4588-bd2f-b80d418908ee","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET Turla August 2018](https://app.tidalcyber.com/references/e725fb9d-65b9-4e3f-9930-13c2c74b7fa4)][[ESET Crutch December 
2020](https://app.tidalcyber.com/references/8b2f40f5-7dca-4edf-8314-a8f5bc4831b8)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Group IB Silence Aug 2019](https://app.tidalcyber.com/references/2c314eb6-767f-45b9-8a60-dba11e06afd8)]","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT33 Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)][[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Vice Society September 2022](/references/0a754513-5f20-44a0-8cea-c5d9519106c8)]","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro POWERSTATS V3 June 2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) has used multiple publicly available tools during operations, such as Empire.[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ClearSky Wilted Tulip July 
2017](https://app.tidalcyber.com/references/50233005-8dc4-4e91-9477-df574271df40)]","group_attack_id":"G0052","group_id":"6a8f5eca-8ecc-4bff-9c5f-5380e044ed5b","name":"CopyKittens","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CrowdStrike Grim Spider May 2019](https://app.tidalcyber.com/references/103f2b78-81ed-4096-a67a-dedaffd67e9b)][[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)][[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)][[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[SecureWorks August 2019](https://app.tidalcyber.com/references/573edbb6-687b-4bc2-bc4a-764a548633b5)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Lab52 WIRTE Apr 2019](https://app.tidalcyber.com/references/884b675e-390c-4f6d-8cb7-5d97d84115e5)]","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye FIN10 June 2017](https://app.tidalcyber.com/references/9d5c3956-7169-48d5-b4d0-f7a56a742adf)]","group_attack_id":"G0051","group_id":"345e553a-164d-4c9d-8bf9-19fcf8a51533","name":"FIN10","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Sygnia Elephant Beetle Jan 2022](https://app.tidalcyber.com/references/932897a6-0fa4-5be3-bf0b-20d6ddad238e)]","group_attack_id":"G1016","group_id":"570198e3-b59c-5772-b1ee-15d7ea14d48a","name":"FIN13","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCSC Joint Report Public 
Tools](https://app.tidalcyber.com/references/601d88c5-4789-4fa8-a9ab-abc8137f061c)]","group_attack_id":"G0073","group_id":"713e2963-fbf4-406f-a8cf-6a4489d90439","name":"APT19","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6cf3146f-8d33-4421-a7f7-caa88ea0029f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"29307cd8-f174-42ad-a5cf-378112e16a24","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"46029e18-ef8f-4a6c-a29d-d19481d5766d","tag":"4f05a12d-f497-4081-acb9-9a257ab87886"},{"id":"49d76363-9809-4b9b-ab2c-a3e85ba0ec38","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"7651417b-3d9e-40c4-88ae-123f79d0fcbd","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"8c80743b-f776-40a1-b93d-09f7a0153227","name":"enum4linux","type":"tool","source":"Trellix TIG","software_attack_id":"S3433","tidal_id":"5fe40d9c-1637-52da-9bf7-a4cfb8834087","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"8da6fbf0-a18d-49a0-9235-101300d49d5e","name":"EnvyScout","type":"malware","source":"MITRE","software_attack_id":"S0634","tidal_id":"78f56307-3409-5eb5-a49f-812cc5ead69e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MSTIC Nobelium Toolset May 
2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"94a204af-adca-4475-b709-41a06cf775f6","tag":"542316f4-baf4-4cf7-929b-b1deed09d23b"},{"id":"5edf88cf-2d38-49d1-9434-7ac5211ca154","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"a7e71387-b276-413c-a0de-4cf07e39b158","name":"Epic","type":"malware","source":"MITRE","software_attack_id":"S0091","tidal_id":"d5e1b32e-fba6-53ee-a1f1-75267ea642c1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"456cbe78-3e2c-4310-95f7-029e2dac553e","name":"Tavdig","description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]","source":"MITRE","associated_software_id":"c9f72733-1557-4a9c-9a07-b87e80d84b01","owner_id":null,"owner_name":null},{"id":"e3abe367-cba2-4d67-ace9-10a4c74418a7","name":"Wipbot","description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]","source":"MITRE","associated_software_id":"b0614725-7a40-4a46-9d57-79dfd157af91","owner_id":null,"owner_name":null},{"id":"0755050c-dc93-49dc-977a-d28f7ce51fac","name":"WorldCupSec","description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]","source":"MITRE","associated_software_id":"40bd7e6b-f282-4fac-a707-e21b256e0c52","owner_id":null,"owner_name":null},{"id":"e009a3b2-5a6f-44cb-84ea-9da186d101a5","name":"TadjMakhal","description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]","source":"MITRE","associated_software_id":"eafca858-2534-4dea-b50c-ddf9a9a490f8","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Kaspersky 
Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)][[Secureworks IRON HUNTER Profile](https://app.tidalcyber.com/references/af5cb7da-61e0-49dc-8132-c019ce5ea6d3)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e916383d-dff0-49cb-8115-23088b12df97","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"a7589733-6b04-4215-a4e7-4b62cd4610fa","name":"esentutl","type":"tool","source":"MITRE","software_attack_id":"S0404","tidal_id":"d5249964-bbaa-5d7d-92c9-d662dea06052","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e68d12cb-d521-4b56-ac52-dbc881ff6198","name":"esentutl.exe","description":"","source":"MITRE","associated_software_id":"285440ba-037a-4b5c-a089-e0af02a62236","owner_id":null,"owner_name":null}],"groups":[{"description":"[[SOCRadar INC Ransom January 2024](https://app.tidalcyber.com/references/6c78b422-7d46-58a4-a403-421db0531147)][[SentinelOne INC Ransomware](https://app.tidalcyber.com/references/5f82878b-2258-5663-8694-efc3179c1849)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT10 Sept 2018](https://app.tidalcyber.com/references/5f122a27-2137-4016-a482-d04106187594)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCC Group Chimera January 
2021](https://app.tidalcyber.com/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3a6b4006-2ce5-4f1e-b44b-846f793cc24e","tag":"ee88899a-2bf0-4b96-bf69-5b686fa463c3"},{"id":"5c5a9065-0560-42a0-a628-f72979870421","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a3009a9d-7aa2-46ca-bf7e-08f2903b79f9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"4aa89bae-3c3b-45c2-a29e-f3b695e87a7a","name":"esxcli","type":"tool","source":"Trellix TIG","software_attack_id":"S3458","tidal_id":"d8c9e059-fd8e-588f-9cb0-065a779f0b4b","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"4c371bd9-c97c-42ab-b913-1e19cd409382","name":"Eventvwr","type":"tool","source":"Tidal Cyber","software_attack_id":"S3219","tidal_id":"fbc6e598-b274-5df2-a957-7b9e21f3eb2c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"799734c8-b95b-4d68-9781-3fc4b09178a0","name":"Eventvwr.exe","description":"[[Eventvwr.exe - LOLBAS Project](/references/0c09812a-a936-4282-b574-35a00f631857)]","source":"Tidal 
Cyber","associated_software_id":"51125aee-d1af-4414-90fa-84b6c977c100","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"267eecdf-69bb-4089-b106-d4ca10d26168","tag":"59d03fb8-0620-468a-951c-069473cb86bc"},{"id":"e60936b8-8f9e-4117-89bf-4e7b9067a5b5","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1c09afa1-1106-456d-968f-2767bc378c79","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f7980d81-acd0-4e3e-b224-3d8424b72397","name":"Everything","type":"tool","source":"Tidal Cyber","software_attack_id":"S3473","tidal_id":"ca1679c3-6d33-5bb1-ba30-c87149260fa3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"eaa1f64c-9bb9-4bfd-9cf7-2184beaec6aa","name":"Everything.exe","description":"[[S-RM March 25 2025](/references/ffa47884-4eef-445e-99e3-02f64cc2f7fc)]","source":"Tidal Cyber","associated_software_id":"a5a9546f-ab91-4a82-91a2-234ca5a0f73a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[S-RM March 25 2025](/references/ffa47884-4eef-445e-99e3-02f64cc2f7fc)]","group_attack_id":"G3100","group_id":"35aa3c2a-eea0-480a-b338-c82808643026","name":"NightSpire","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"2754a728-333e-4c18-89b7-728eb96a7570","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5442b7f3-03d9-48bc-890a-7dbad6c34517","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"e1b83fb1-e7f6-4191-8497-9bfb71bfaa93","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"35d7b8fe-4ef1-4bbc-af6a-60e2f5b5dd4a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c5418c3e-64cf-4ac9-806f-0e1bbc248e63","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a432bf28-41e5-409b-b858-fd98a55db94f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"300e8176-e7ee-44ef-8d10-dff96502f6c6","name":"EvilBunny","type":"malware","source":"MITRE","software_attack_id":"S0396","tidal_id":"1b7f07bb-a934-5178-a74c-7a528dbc1e32","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"4892c22d-6fd4-4876-8e8a-af968cf61ecc","name":"EvilGinx","type":"malware","source":"Tidal Cyber","software_attack_id":"S3103","tidal_id":"351de5b2-cbcc-5623-bcc5-ad500c5e9446","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Star Blizzard December 2023](/references/3d53c154-8ced-4dbe-ab4e-db3bc15bfe4b)]","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog May 27 2025](/references/e7ea6602-f448-46f2-9ce8-9afbc226807d)]","group_attack_id":"G3104","group_id":"42219d16-7ed7-4716-b88f-b29a456f0f8d","name":"Void Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a4dddfb4-cc9e-440f-b5a9-889a7ba67fe7","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"71c7fb70-4712-45fc-a906-f458872883a0","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"dd051a24-dab6-426c-8db7-5dc124166c9a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"647f2c66-bc8a-46d9-93dd-7794099326a4","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"6aa640fe-226c-4aae-a680-11bade7b13a3","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8c9e7af3-71d2-4b76-90b9-8f7ae5f8cf68","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"8b6b3a65-3b90-41cc-940e-dda763e501c8","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"15824b79-34dd-4d47-b4bc-25d94204f01d","tag":"fe28cf32-a15c-44cf-892c-faa0360d6109"},{"id":"dafbe4f6-54b7-45af-a4c8-c4597d133847","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"0f5c23e3-1383-4890-8b13-f41a7060ecd2","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"30b91118-629d-4496-a940-48335a4332e1","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"e862419c-d6b6-4433-a02a-c1cc98ea6f9e","name":"EvilGrab","type":"malware","source":"MITRE","software_attack_id":"S0152","tidal_id":"cf608591-a997-5a74-93c9-a08b52077562","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[PWC Cloud Hopper Technical Annex April 
2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b5628f25-4ca6-452c-90a2-7ccb39eaa107","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e0eaae6d-5137-4053-bf37-ff90bf5767a9","name":"EVILNUM","type":"malware","source":"MITRE","software_attack_id":"S0568","tidal_id":"7e49be92-f0fd-59c2-b49f-51643c92e0e9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Prevailion EvilNum May 2020](https://app.tidalcyber.com/references/533b8ae2-2fc3-4cf4-bcaa-5d8bfcba91c0)]","group_attack_id":"G0120","group_id":"4bdc62c9-af6a-4377-8431-58a6f39235dd","name":"Evilnum","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f2e8cb0d-dd10-4767-bec9-e91e8b2b45d1","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c773f709-b5fe-4514-9d88-24ceb0dd8063","name":"Exaramel for Linux","type":"malware","source":"MITRE","software_attack_id":"S0401","tidal_id":"bf5ce6cd-0dc6-5fa6-8eb5-8882575564b1","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[ESET TeleBots Oct 2018](https://app.tidalcyber.com/references/56372448-03f5-49b5-a2a9-384fbd49fefc)][[ANSSI Sandworm January 2021](https://app.tidalcyber.com/references/5e619fef-180a-46d4-8bf5-998860b5ad7e)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"21569dfb-c9f1-468e-903e-348f19dbae1f","name":"Exaramel for 
Windows","type":"malware","source":"MITRE","software_attack_id":"S0343","tidal_id":"59604c54-c644-52e5-8446-28cdfc4a4f09","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET TeleBots Oct 2018](https://app.tidalcyber.com/references/56372448-03f5-49b5-a2a9-384fbd49fefc)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"581ce8df-78fd-5e0c-9b62-6fc5deda3167","name":"Exbyte","type":"malware","source":"MITRE","software_attack_id":"S1179","tidal_id":"581ce8df-78fd-5e0c-9b62-6fc5deda3167","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) used [Exbyte](https://app.tidalcyber.com/software/581ce8df-78fd-5e0c-9b62-6fc5deda3167) for automated file collection and exfiltration.[[Symantec BlackByte 2022](https://app.tidalcyber.com/references/965503f6-e5f9-5c98-b0c4-1211e44346d9)][[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"97eb6856-bcda-406e-bd8e-162a2a6ead8a","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"46efd94e-afd2-4536-8525-0619fc56966f","name":"Excel","type":"tool","source":"Tidal Cyber","software_attack_id":"S3342","tidal_id":"b14b68d0-92ce-54c4-ab04-bc370791a341","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"55ea10d2-76b8-40ff-928c-2c4f15737702","name":"Excel.exe","description":"[[Excel.exe - LOLBAS Project](/references/9a2458f7-63ca-4eca-8c61-b6098ec0798f)]","source":"Tidal 
Cyber","associated_software_id":"a878dcfe-76d9-435d-8b14-b0490db7e1a8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"f26d0816-06d8-46dd-a510-d83d48b3e371","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"eeec6518-e574-4c38-bf14-7270786db264","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"068b26ae-39b5-4b4e-8faa-eb304a17687d","name":"ExMatter","type":"malware","source":"Tidal Cyber","software_attack_id":"S3077","tidal_id":"844d357d-3a2c-528f-8b3e-885c280121f4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[BlackBerry BlackCat Threat Overview](/references/59f98ae1-c62d-460f-8d2a-9ae287b59953)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bfdbba5c-a55e-4f66-a2a6-ff292ee76356","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":"TidalCyberIan"},{"id":"5d7a39e3-c667-45b3-987e-3b0ca49cff61","name":"Expand","type":"tool","source":"MITRE","software_attack_id":"S0361","tidal_id":"473fc423-79ce-580e-9189-51ee59b022ea","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"393f6896-278c-47b8-9ee0-e1c546bf1087","name":"Expand.exe","description":"","source":"Tidal 
Cyber","associated_software_id":"7ffda0fe-4375-443e-a8c7-df5dabc104f9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"7ee02bf8-33d0-4cac-843b-cf5fa410bdbf","tag":"182dd4be-bbda-404f-aad1-156a22bbe7a4"},{"id":"c4dc0eb4-a3e5-4862-b0b5-a1901efa00e8","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"32a047cc-5a0e-494c-b64d-28e906ee44ee","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"b792d713-fbb4-46e6-94ae-8b9a1f4e794d","name":"Explorer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3221","tidal_id":"58273d3a-4cd8-53ba-8d33-264e0a4fa9fd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"99210c23-bd09-4df1-8545-da1d37a9c2df","name":"Explorer.exe","description":"[[Explorer.exe - LOLBAS Project](/references/9ba3d54c-02d1-45bd-bfe8-939e84d9d44b)]","source":"Tidal Cyber","associated_software_id":"f6b34f5e-3bec-4098-98b8-2ea74f184ecc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Securelist Kimsuky Sept 2013](/references/f26771b0-2101-4fed-ac82-1bd9683dd7da)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 Playbook Dec 2017](/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d583c893-f290-4fa6-baf0-ae00e8dba820","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"afa3dac7-d714-4d89-8027-b56b25b5addd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"572eec55-2855-49ac-a82e-2c21e9aca27e","name":"Explosive","type":"malware","source":"MITRE","software_attack_id":"S0569","tidal_id":"f81d493c-3673-5cfb-aa99-9a3180cb7de8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CheckPoint Volatile Cedar March 2015](https://app.tidalcyber.com/references/a26344a2-63ca-422e-8cf9-0cf22a5bee72)][[ClearSky Lebanese Cedar Jan 2021](https://app.tidalcyber.com/references/53944d48-caa9-4912-b42d-94a3789ed15b)]","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2e6f1aed-a983-44fb-aed1-b4a3d9cb9488","name":"Extexport","type":"tool","source":"Tidal Cyber","software_attack_id":"S3222","tidal_id":"6c9b55da-0b1a-5e82-a74d-8b939802f687","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a864c2cc-2ff2-4c45-a6dd-fef6ad7c7fc1","name":"Extexport.exe","description":"[[Extexport.exe - LOLBAS Project](/references/2aa09a10-a492-4753-bbd8-aacd31e4fee3)]","source":"Tidal Cyber","associated_software_id":"ef321c97-a66d-4dbc-8ed6-c002e141ffdc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"11cb7400-8b79-4fc6-ab80-bf01bb90a663","tag":"5b81675a-742a-4ffd-b410-44ce3f1b0831"},{"id":"3b334fbf-2c52-4e6c-b5da-2374104b465c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"3b1d466e-475d-4d41-aa3a-781f5b34380a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"363c38fc-8676-4a63-b3f4-f0237565a951","name":"ExtPassword","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3032","tidal_id":"1d0a7ea8-6dbb-534c-9949-9d48957eb806","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b269ba00-50c3-4d79-b7f0-15c11ba39b28","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"7227fdcd-a05c-432f-9f47-71b3c86abad9","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"ef0cf61b-9049-49b4-ad07-324427dfa4f1","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"05660d7c-04ce-4847-88d8-71df4a750be7","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"b32fe3cc-c95d-4e5f-b3d1-67e4d1c2fc4b","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"cf73ab71-8b32-4183-bdef-22122d6e51ec","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"c3a27c87-6ab4-40ef-9896-8c9b76650e86","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"dbdd0ea2-b05d-441a-b1ce-cfeb61ed26ef","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"01e18e0d-4418-4e34-828b-4f51b1296d3e","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"c8e27205-ae5b-48b2-98ea-a1aa6e70a086","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0a128e43-8b83-4abf-aac4-3905e760f8f4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"53dc0180-0309-4489-af75-9c76b2887359","name":"Extrac32","type":"tool","source":"Tidal Cyber","software_attack_id":"S3223","tidal_id":"203fd233-8eb3-5d4e-9da9-42a849c160f7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"776f532a-3bd6-44eb-870f-a726cc951ba0","name":"Extrac32.exe","description":"[[Extrac32.exe - LOLBAS 
Project](/references/ae632afc-336c-488e-81f6-91ffe1829595)]","source":"Tidal Cyber","associated_software_id":"84483c62-922d-49c5-b688-c106c2496545","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6ed27db2-59dc-4ef8-a792-a97ff2971785","tag":"92092803-19a9-4288-b7fb-08e92e8ea693"},{"id":"957519de-12cf-452d-b09f-6abaafbbc80d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c8a9eaf1-9805-46ee-96c6-757c33383e36","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"cbbba380-bf9d-4c3d-bda6-a808c4ad0113","name":"FaceXInjector","type":"malware","source":"Tidal Cyber","software_attack_id":"S3463","tidal_id":"dd36b20c-6fb1-5a49-8d90-54cf477d821e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8106551d-6deb-4376-8bff-cebfd15cb1cd","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"0e738ead-5245-4b33-af98-000fbc4ef950","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c1b48738-aabe-41bd-8d06-7ba897ce46e8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8c64a330-1457-4c32-ab2f-12b6eb37d607","name":"FakeM","type":"malware","source":"MITRE","software_attack_id":"S0076","tidal_id":"0de410e0-8135-5455-a857-c8bd68b3f292","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Scarlet Mimic Jan 2016](https://app.tidalcyber.com/references/f84a5b6d-3af1-45b1-ac55-69ceced8735f)]","group_attack_id":"G0029","group_id":"6c1bdc51-f633-4512-8b20-04a11c2d97f4","name":"Scarlet 
Mimic","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"acbff463-ba1c-4d26-ab99-b9aa47b81c68","name":"FakePenny","type":"malware","source":"Tidal Cyber","software_attack_id":"S3136","tidal_id":"e9a0f927-1397-566e-809d-83e015970f27","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog 5 28 2024](/references/faf315ed-71f7-4e29-8334-701da35a69ad)]","group_attack_id":"G1036","group_id":"33a5fa48-89ee-5c0b-9c9c-e0ee69032fca","name":"Moonstone Sleet","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5802fa23-cbbf-4db7-a563-ca4ff0625f93","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"85015a0a-1da1-4c55-bd44-e02f118e585a","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"36d6a808-4613-424e-bfb8-0d21c6f5e9e6","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"83a1e2b6-3beb-4cba-aa61-c488615dfe1b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ea47f1fd-0171-4254-8c92-92b7a5eec5e1","name":"FALLCHILL","type":"malware","source":"MITRE","software_attack_id":"S0181","tidal_id":"388b82c6-9b6b-5a57-bd55-9f54e054099f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[US-CERT FALLCHILL Nov 2017](https://app.tidalcyber.com/references/045e03f9-af83-4442-b69e-b80f68e570ac)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"997ff740-1b00-40b6-887a-ef4101e93295","name":"FatDuke","type":"malware","source":"MITRE","software_attack_id":"S0512","tidal_id":"eeaa2886-2141-58d4-8446-8279f0f31adc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)][[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2882e00d-816c-4231-8db9-6c9f503253d1","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"8e623e62-524f-43de-934c-3792bfd69d3f","name":"FDMTP","type":"malware","source":"Tidal Cyber","software_attack_id":"S3173","tidal_id":"809f656d-c242-51cc-990d-0f6b833306d4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"34a88b42-da3b-48b8-b5c1-58fa6ed8603a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"62bfa4c5-642e-4ef1-aec2-769ad559a127","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5ad43d06-882d-417e-b86c-3ab09a8c12a3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c66ed8ab-4692-4948-820e-5ce87cc78db5","name":"Felismus","type":"malware","source":"MITRE","software_attack_id":"S0171","tidal_id":"93965e75-70f6-5591-9314-8a011fe8f0a8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Sowbug Nov 2017](https://app.tidalcyber.com/references/14f49074-fc46-45d3-bf7e-30c896c39c07)]","group_attack_id":"G0054","group_id":"6632f07f-7c6b-4d12-8544-82edc6a7a577","name":"Sowbug","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"4b1a07cd-4c1f-4d93-a454-07fd59b3039a","name":"FELIXROOT","type":"malware","source":"MITRE","software_attack_id":"S0267","tidal_id":"0a32f4ab-983b-54ad-a328-dcd57c526533","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"84b19011-a651-47b7-9d5e-24c8cf54c2ae","name":"GreyEnergy mini","description":"[[ESET GreyEnergy Oct 2018](https://app.tidalcyber.com/references/f3e70f41-6c22-465c-b872-a7ec5e6a3e67)]","source":"MITRE","associated_software_id":"78026ff0-63f0-42d8-81de-e02ad8223d68","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"3e54ba7a-fd4c-477f-9c2d-34b4f69fc091","name":"Ferocious","type":"malware","source":"MITRE","software_attack_id":"S0679","tidal_id":"33a8c2be-315c-5771-980e-a9845c8b8a4a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky WIRTE November 
2021](https://app.tidalcyber.com/references/143b4694-024d-49a5-be3c-d9ceca7295b2)]","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1bbf04bb-d869-48c5-a538-70a25503de1d","name":"Fgdump","type":"tool","source":"MITRE","software_attack_id":"S0120","tidal_id":"f1dc93be-43a0-5c12-af7a-dbb96ad34798","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f2a6f899-15a8-4d77-bebd-14bc03958764","name":"FileZilla","type":"tool","source":"Tidal Cyber","software_attack_id":"S3033","tidal_id":"b0f662bd-5ce4-51ac-b7d2-6bc5f76e6558","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[huntress.com November 14 2024](/references/0418012c-af7e-47b0-b690-85fd634532e4)]","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0be78b87-d7fc-4bc0-8437-1e5d9d32dd96","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"3bb5da1d-48a3-4438-918d-c63866a2f2c9","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"b0f0914d-0cdc-4094-8dbd-bbf40ed290e7","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"728a766d-cc5e-40ff-bd4a-7d5aa4ff0d06","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"94af4c69-a4b9-4899-a494-1331cc04469e","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"5b4964fb-cdf8-4e92-b39d-e47cfd9b7448","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"8aa84ace-eb11-4813-9833-b72bfee2dff2","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"c73fbd8d-e4e2-4c38-b6d5-5c5f1deaba78","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"56d14750-6ae9-474a-b845-599439db12ca","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"ceff3564-2676-425e-ac20-39b2d05a2cb8","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"6914eba8-7ddd-4084-8c48-3f6b2fef5408","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"924f93b5-edff-489b-9843-706febb659f0","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"065d31da-710e-4b53-b352-f812d6d02f25","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"93cc54bd-fd02-439c-887c-d5b78b4e5541","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"eb4dc358-e353-47fc-8207-b7cb10d580f7","name":"Final1stspy","type":"malware","source":"MITRE","software_attack_id":"S0355","tidal_id":"210da6b3-7f71-554b-9bf8-315362e2c7a8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 Nokki Oct 
2018](https://app.tidalcyber.com/references/4eea6638-a71b-4d74-acc4-0fac82ef72f6)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3b00412d-7146-4b4d-8347-46985e2d9109","name":"FINALDRAFT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3432","tidal_id":"e8b2eea6-907b-5acb-a48f-0c9bbd0fa924","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"e96f848c-021a-488a-bbd5-0876e8a2c7cb","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"54f56a16-e492-4d32-b6c0-7c26a53e0a59","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"615ef942-441f-4f86-a95d-ab27f6841925","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"654ae996-efeb-4666-8145-a7cb672991c3","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"30083a3b-b022-4cc5-ad75-26f963fddc33","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d0cc9378-bb4d-45c4-8c87-1a0e51e5ae0c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a62634f8-8f42-4874-9669-bea2e053dfea","name":"Findstr","type":"tool","source":"Tidal Cyber","software_attack_id":"S3224","tidal_id":"4a379014-800b-5a35-8314-f41dff3c88e3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"21ce9ebe-477f-449f-ba2b-093f8c440aa7","name":"Findstr.exe","description":"[[Findstr.exe - LOLBAS Project](/references/fc4b7b28-ac74-4a8f-a39d-ce55df5fca08)]","source":"Tidal Cyber","associated_software_id":"8c3183d9-da91-449e-94e5-1814bec72c1b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[NCC Group Chimera January 
2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro EarthLusca 2022](/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"dbbbfec7-a87a-491b-9655-c75a931bea1e","tag":"6ca537bb-94b6-4b12-8978-6250baa6a5cb"},{"id":"c2652b5a-7037-411d-b410-ad4adb5191fa","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c5929a68-431d-43ce-809f-ea75266cfa54","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"55e1f5a4-e2ef-4903-8d30-8e7b9a8aca1e","name":"FINETIDE","type":"malware","source":"Tidal Cyber","software_attack_id":"S3429","tidal_id":"afcbec44-b19a-55b1-8307-e5ca520e8544","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cff19b89-77fd-4d7e-92a0-1fedeb0208f4","name":"WhisperPack","description":"[[Mandiant UNC2589 March 2022](/references/63d89139-9dd4-4ed6-bf6e-8cd872c5d034)]","source":"Tidal 
Cyber","associated_software_id":"38d3552e-9342-419f-881e-62cb6ec82bb6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d5ec7d15-b061-4756-bc11-72b10071d7ca","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"4d4814a0-4e0f-4397-a687-1f70be4ae8b2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4bec1bee-718b-4a52-bbcd-70e1a55d4453","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"41f54ce1-842c-428a-977f-518a5b63b4d7","name":"FinFisher","type":"malware","source":"MITRE","software_attack_id":"S0182","tidal_id":"aff79ed5-b2bf-5bb2-aa60-2d458ffd00d5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6fcf39ed-347a-48d3-a687-da5bc5484adb","name":"FinSpy","description":"[[FireEye FinSpy Sept 2017](https://app.tidalcyber.com/references/142cf7a3-2ca2-4cf3-b95a-9f4b3bc1cdce)] [[Securelist BlackOasis Oct 2017](https://app.tidalcyber.com/references/66121c37-6b66-4ab2-9f63-1adb80dcec62)]","source":"MITRE","associated_software_id":"132b2577-e54e-49d4-8579-963dea48bd6a","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Lookout Dark Caracal Jan 2018](https://app.tidalcyber.com/references/c558f5db-a426-4041-b883-995ec56e7155)]","group_attack_id":"G0070","group_id":"7ad94dbf-9909-42dd-8b62-a435481bdb14","name":"Dark Caracal","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a9ce311d-dd8c-497d-b38f-b535d7318ed4","name":"Finger","type":"tool","source":"Tidal Cyber","software_attack_id":"S3225","tidal_id":"c04a2d4c-25c9-5b25-8675-f2ecae430209","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"19edc7d0-ca92-4935-b7ed-483fcc36457c","name":"Finger.exe","description":"[[Finger.exe - LOLBAS Project](/references/e32d01eb-d904-43dc-a7e2-bdcf42f3ebb2)]","source":"Tidal 
Cyber","associated_software_id":"44e3833b-bf22-4adb-9986-95f4e8898f21","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"fe1045dd-23a0-4350-ba4d-cfac47147207","tag":"1da4f610-4c54-46a3-b9b3-c38a002b623e"},{"id":"607c36a6-66c6-4c72-b8aa-803662e14428","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"486c81ff-320a-4ba1-a617-f142b38c606d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"84187393-2fe9-4136-8720-a6893734ee8c","name":"FIVEHANDS","type":"malware","source":"MITRE","software_attack_id":"S0618","tidal_id":"590f4515-96bd-57e4-ba31-24cfdb66639f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Vice Society September 2022](/references/0a754513-5f20-44a0-8cea-c5d9519106c8)]","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"fb9a65f4-e288-475e-a0a8-3a3ee6fc9c13","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"1301b905-e9db-4c2b-9900-0ce3a2a1d784","tag":"f1ad9eba-f4fd-4aec-92c0-833ac14d741b"},{"id":"9a40a015-db51-4389-b48f-a2b8282c4fde","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"b7b85c31-7fc1-4d5a-ac0d-ae4183fbd445","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0389480a-991c-4ce6-9812-defcf813921f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"977aaf8a-2216-40f0-8682-61dd91638147","name":"Flagpro","type":"malware","source":"MITRE","software_attack_id":"S0696","tidal_id":"2195b745-6cc6-5536-9f22-8d89f734ef0f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[NTT Security Flagpro new December 
2021](https://app.tidalcyber.com/references/c0f523fa-7f3b-4c85-b48f-19ae770e9f3b)]","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2b97fbb2-d7f5-4a0a-87b6-1748bfa04207","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"87604333-638f-4f4a-94e0-16aa825dd5b8","name":"Flame","type":"malware","source":"MITRE","software_attack_id":"S0143","tidal_id":"fe519bc1-a0aa-5d7b-968a-bf12911806c5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"976f7c49-80d1-4d65-8068-884f69ac0ea2","name":"Flamer","description":"[[Kaspersky Flame](https://app.tidalcyber.com/references/6db8f76d-fe38-43b1-ad85-ad372da9c09d)] [[Symantec Beetlejuice](https://app.tidalcyber.com/references/691ada65-fe64-4917-b379-1db2573eea32)]","source":"MITRE","associated_software_id":"4a135c64-23dd-4850-8484-d9805d3663b5","owner_id":null,"owner_name":null},{"id":"fe1b46e0-98d1-4cf3-a52c-78f3e9e77303","name":"sKyWIper","description":"[[Kaspersky Flame](https://app.tidalcyber.com/references/6db8f76d-fe38-43b1-ad85-ad372da9c09d)] [[Crysys Skywiper](https://app.tidalcyber.com/references/ea35f530-b0fd-4e27-a7a9-6ba41566154c)]","source":"MITRE","associated_software_id":"9a1c376d-6ef8-4d18-a4ff-e28751d30ae1","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"8207f7b8-8c90-4720-9b8f-b5b138e3f272","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"}],"owner_name":null},{"id":"44a5e62a-6de4-49d2-8f1b-e68ecdf9f332","name":"FLASHFLOOD","type":"malware","source":"MITRE","software_attack_id":"S0036","tidal_id":"b600fe6e-b6c9-5039-a53e-f3502aa7c68a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye 
APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]","group_attack_id":"G0013","group_id":"be45ff95-6c74-4000-bc39-63044673d82f","name":"APT30","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"308dbe77-3d58-40bb-b0a5-cd00f152dc60","name":"FlawedAmmyy","type":"malware","source":"MITRE","software_attack_id":"S0381","tidal_id":"2af5e667-e347-57c2-9c64-2c6efe9d084b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA505 Mar 2018](https://app.tidalcyber.com/references/44e48c77-59dd-4851-8455-893513b7cf45)][[Trend Micro TA505 June 2019](https://app.tidalcyber.com/references/e664a0c7-154f-449e-904d-335be1b72b29)][[Proofpoint TA505 October 2019](https://app.tidalcyber.com/references/711ea2b3-58e2-4b38-aa71-877029c12e64)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Visa FIN6 Feb 2019](https://app.tidalcyber.com/references/9e9e8811-1d8e-4400-8688-e634f859c4e0)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"738bdc4c-29e6-47ae-9bd6-33d18c729b95","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c558e948-c817-4494-a95d-ad3207f10e26","name":"FlawedGrace","type":"malware","source":"MITRE","software_attack_id":"S0383","tidal_id":"05735762-5e93-58ce-b680-0e7b454c64f7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8ce0e708-8f28-4c66-be99-cfa7c8e6567a","name":"BARBWIRE","description":"[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]","source":"Tidal 
Cyber","associated_software_id":"c6731561-3f22-451d-adf8-4b80ef07ce65","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"2a2b141c-7a11-4e3b-9bcc-ba4b20bcab98","name":"GraceWire","description":"[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]","source":"Tidal Cyber","associated_software_id":"70bf0820-6ce7-4877-a668-6583aef5a4c2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Proofpoint TA505 Jan 2019](https://app.tidalcyber.com/references/b744f739-8810-4fb9-96e3-6488f9ed6305)][[Trend Micro TA505 June 2019](https://app.tidalcyber.com/references/e664a0c7-154f-449e-904d-335be1b72b29)][[Proofpoint TA505 October 2019](https://app.tidalcyber.com/references/711ea2b3-58e2-4b38-aa71-877029c12e64)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Threat Intelligence Tweet June 17 2020](/references/98fc7485-9424-412f-8162-a69d6c10c243)]","group_attack_id":"G3012","group_id":"eb10ed9e-ea8d-4b61-bfc3-5994d30970df","name":"Spandex Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"0180ac07-b3ca-4087-93b9-58c3e053df15","tag":"ede6e717-5e5f-4321-9ddd-d0d7ab315a89"},{"id":"95575a8e-a000-4260-82a7-c8c1ccf53cf1","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"34c4c48f-4367-4786-8e2b-0d8d4a7061f2","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"8b4ffcd4-9efe-4a65-a841-c4778f7e7865","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"a9675dcd-d47f-492e-a2d3-5222c68cf644","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"68758d3a-ec4b-4c19-933d-b4c3000281b2","name":"FleetDeck","type":"tool","source":"Tidal Cyber","software_attack_id":"S3079","tidal_id":"8b312064-1e69-59d4-b09f-06e95fbe022b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"22473be6-5a16-4341-8af1-1d15d3f7990e","name":"Commander","description":"","source":"Tidal Cyber","associated_software_id":"6f5b39e8-5c52-478c-b9f6-89822c43d859","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[CrowdStrike Scattered Spider SIM Swapping December 22 2022](/references/e48760ba-2752-4d30-8f99-152c81f63017)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cyber Centre ALPHV/BlackCat July 25 2023](/references/610c8f22-1a96-42d2-934d-8467d136eed2)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"68893ea2-5f1a-4272-a8c9-8aa4ecf27596","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"29b1b519-b31f-4f1d-855f-c887c614c202","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"2613f7b2-6732-4399-b272-4c7418546d80","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"18002747-ddcc-42c1-b0ca-1e598a9f1919","name":"FLIPSIDE","type":"malware","source":"MITRE","software_attack_id":"S0173","tidal_id":"c439ddf9-6551-58ba-8ee8-daa6e64939dc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"43d57826-cd15-4154-8f04-38351c96986e","name":"fltMC","type":"tool","source":"Tidal Cyber","software_attack_id":"S3226","tidal_id":"b417f45f-c4ff-5dd8-a953-14e0a51caca1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2b283bd4-c8d1-4899-94b2-dab6b258138d","name":"fltMC.exe","description":"[[fltMC.exe - LOLBAS Project](/references/cf9b4bd3-92f0-405b-85e7-95e65d548b79)]","source":"Tidal 
Cyber","associated_software_id":"91939985-db0a-4ba9-9fd7-9785615cc0f4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"61aed4c2-0e1e-47d7-ae97-2a8330f2ecd7","tag":"49bbb074-2406-4f27-ad77-d2e433ba1ccb"},{"id":"c1beb55a-3fc8-420f-aaea-4471ef90e353","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a55e4d41-abfb-40e8-b75c-d3184f67d791","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"bc11844e-0348-4eed-a48a-0554d68db38c","name":"FoggyWeb","type":"malware","source":"MITRE","software_attack_id":"S0661","tidal_id":"8569b7d2-ae38-5fea-8682-675e73bd7dd1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MSTIC FoggyWeb September 2021](https://app.tidalcyber.com/references/1ef61100-c5e7-4725-8456-e508c5f6d68a)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d7869357-3480-4445-9f66-0ecbf0305111","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"3480069a-13eb-4f1e-9967-57ecac415c52","name":"Fog Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3146","tidal_id":"a2c07726-168d-5e9f-8b73-73f01b538951","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"97438dc9-3c5e-45fe-896d-da50613ed908","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"7f98862a-9fc3-4829-b7bf-91f459121637","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"b4f5dffa-4a1e-4c1c-a9aa-00f449395344","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"a53acb5c-db20-4f07-9527-f11e54a446f6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"be89739c-d4e8-40cf-800b-9a7ba453ac79","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a4242c31-4bf4-4852-aaf3-92d695203e39","name":"ForestTiger","type":"malware","source":"Tidal Cyber","software_attack_id":"S3503","tidal_id":"d8238525-bd01-5b28-9cfc-2bb38e5d2b10","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft TeamCity Exploit Campaign October 18 2023](/references/d6dc556c-dbf2-4272-a550-14f5292c4fd4)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"82f5dc65-01c0-40a0-8b2a-ae5fc8753b96","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0c4c01be-9eb2-49eb-801c-de312cdadd03","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"dfce07aa-4046-4040-8e41-21754719daeb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c6dc67a6-587d-4700-a7de-bee043a0031a","name":"Forfiles","type":"tool","source":"MITRE","software_attack_id":"S0193","tidal_id":"acb31a67-45db-5556-b199-d7d4ee005f19","platforms":[],"associated_software":[{"id":"22141301-25e2-43de-a956-99b453421dec","name":"Forfiles.exe","description":"","source":"Tidal Cyber","associated_software_id":"f283d74b-b2fe-4974-8dc2-d33c93575b2a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Qualys 
LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Überwachung APT28 Forfiles June 2015](https://app.tidalcyber.com/references/3b85fff0-88d8-4df6-af0b-66e57492732e)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e6287952-3c66-46c8-9f54-f75ce682f137","tag":"91804406-e20a-4455-8dbc-5528c35f8e20"},{"id":"dd0901bf-218d-4ccf-8e88-efea7438dbf6","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"599aee63-0607-4a81-826f-ff93478f6c2a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"376d1383-17a7-48b0-8a8b-d6142b2f3003","name":"Formbook (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3003","tidal_id":"681d1389-448b-5a51-b76c-efd9800f3d6e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"47b76191-02d0-4a9f-a4ea-b1f798a84c7a","name":"Xloader","description":"[[Cyble July 01 2022](/references/1b0e143a-3c5d-4445-9a99-8e42815130ac)]","source":"Tidal 
Cyber","associated_software_id":"c5fbcaee-0ab6-4d61-829b-5a3fb4846fc3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c2a83e1c-21d8-43df-b0ef-57eb7ef1ac31","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"254864df-c2ec-4fe0-9b60-5d68b4e61c24","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"467bcb35-433e-4547-960b-461c18733e67","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"83721b89-df58-50bf-be2a-0b696fb0da78","name":"FRAMESTING","type":"malware","source":"MITRE","software_attack_id":"S1120","tidal_id":"7ea8be5b-5b1c-5295-9026-a03f812fdbe8","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"aef7cbbc-5163-419c-8e4b-3f73bed50474","name":"FrameworkPOS","type":"malware","source":"MITRE","software_attack_id":"S0503","tidal_id":"544639a0-2a8b-5e02-9494-943d3fb11b84","platforms":[],"associated_software":[{"id":"0a491f01-4378-4cec-838e-a67d63820a95","name":"Trinity","description":"[[SentinelOne FrameworkPOS September 2019](https://app.tidalcyber.com/references/054d7827-3d0c-40a7-b2a0-1428ad7729ea)]","source":"MITRE","associated_software_id":"ebc42f24-1194-4e44-baa2-50dfa222162e","owner_id":null,"owner_name":null}],"groups":[{"description":"[[SentinelOne FrameworkPOS September 2019](https://app.tidalcyber.com/references/054d7827-3d0c-40a7-b2a0-1428ad7729ea)][[Crowdstrike Global Threat Report Feb 2018](https://app.tidalcyber.com/references/6c1ace5b-66b2-4c56-9301-822aad2c3c16)][[Visa FIN6 Feb 
2019](https://app.tidalcyber.com/references/9e9e8811-1d8e-4400-8688-e634f859c4e0)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1d5c5822-3cb4-455a-9976-f6bc17e2820d","name":"FreeFileSync","type":"tool","source":"Tidal Cyber","software_attack_id":"S3034","tidal_id":"2ff0dc30-cb3f-5322-a9f1-bd648f9e0ad5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"045a43cb-c125-4156-b9eb-5080ab8ec8a0","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"93d13afc-d2b3-4a89-a4e8-c855ec1ef775","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"8994083f-8b74-4f62-95bd-bad01f64172f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"6d740b6a-d67e-4083-99ed-55ef3f9a784f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"51b87720-6b0c-46f1-a902-5854c7e461a1","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"c0eeba93-a910-4d48-b028-13f6491c738a","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"2afffddf-951a-4463-8020-aee512531619","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"11672701-f017-4295-8629-ba3deafa3534","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"35a49f93-69ea-4960-ac44-0c81bcbde581","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"1601cdcb-dc0d-4f9b-83b5-ec4f0efc2706","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b39272aa-050d-4223-907e-a6fc3bfe3f12","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5d83dd11-3928-5d7e-a50c-5c06594a5229","name":"FRP","type":"to
ol","source":"MITRE","software_attack_id":"S1144","tidal_id":"5d83dd11-3928-5d7e-a50c-5c06594a5229","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Volt Typhoon May 2023](https://app.tidalcyber.com/references/8b74f0b7-9719-598c-b3ee-61d734393e6f)][[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[crowdstrike.com December 19 2024](/references/cd7f7145-579d-4277-8ec9-c67e5ae00759)]","group_attack_id":"G3070","group_id":"f9f9358a-f708-4794-af35-784c532427cf","name":"LIMINAL PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[RedCanary Mockingbird May 2020](https://app.tidalcyber.com/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[DFIR Phosphorus November 2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"850344d3-1d6c-458c-9639-b0e6b76cf7cd","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"a31fa1e1-d7f9-415f-9d10-7ce06552cdc3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"31325d70-090e-4444-82b6-365d46a7da53","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"3a05085e-5a1f-4a74-b489-d679b80e2c18","name":"FruitFly","type":"malware","source":"MITRE","software_attack_id":"S0277","tidal_id":"57bde159-fa1e-5255-9c6b-2981bf9d0cb1","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f2a5e6cb-75fd-4108-9466-80471c7d0422","name":"Fsi","type":"tool","source":"Tidal Cyber","software_attack_id":"S3343","tidal_id":"40989383-485b-505c-b1d0-9db2f31bedf7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"782590b4-0cc8-45bc-8e64-1960e42d68e9","name":"Fsi.exe","description":"[[Fsi.exe - LOLBAS Project](/references/4e14e87f-2ad9-4959-8cb2-8585b67931c0)]","source":"Tidal Cyber","associated_software_id":"33c9b15d-da72-49ab-b5a3-918c93ea5208","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET ComRAT May 2020](/references/cd9043b8-4d14-449b-a6b2-2e9b99103bb0)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"2e9d0eaa-6667-4ca3-a550-f7cd5b33ecc8","tag":"7a4b56fa-5419-411b-86fe-68c9b0ddd3c5"},{"id":"bad24647-3fe2-41f2-a692-12fe1d9fca20","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d9e2c7f3-c3fe-4a21-802a-2cc73fef1d57","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9e5c41bb-f4cc-4132-8c7a-4a10a006190b","name":"FsiAnyCpu","type":"tool","source":"Tidal Cyber","software_attack_id":"S3344","tidal_id":"c31a8263-b3f8-5b7b-8753-140746c15954","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8a4048e4-028a-434b-bb75-edac8aefe948","name":"FsiAnyCpu.exe","description":"[[FsiAnyCpu.exe - LOLBAS Project](/references/87031d31-b6d7-4860-b11b-5a0dc8774d92)]","source":"Tidal Cyber","associated_software_id":"0c8284cf-4e6f-4660-9381-76c08e0a6244","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b008aeb6-f43f-4176-9dc1-7c2aa723fbab","tag":"c5d1a687-8a36-4995-b8cb-415f33661821"},{"id":"d70a44c9-6837-4fe8-94fe-9d1c896e4184","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"231cb758-8f3d-4b3f-9d0f-620390dc4aff","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7a829dae-00cf-4321-95b4-276f7dfb5368","name":"Fsutil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3228","tidal_id":"8d8c1922-2b73-5c82-a399-17e66bdb98b1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0d16f928-f08a-450b-8980-60f0e13abf2a","name":"Fsutil.exe","description":"[[Fsutil.exe - LOLBAS Project](/references/e2305dac-4245-4fac-8813-69cb210e9cd3)]","source":"Tidal Cyber","associated_software_id":"142b3451-bb26-4bb2-8d22-58cccd0f52ee","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold 
Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"4fe10d11-4f18-490c-9b52-35cc665ade96","tag":"76bb7541-94da-4d66-9a57-77f788330287"},{"id":"8443643b-0732-4c6a-9c2b-e2cb66f48286","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"433c461d-4027-4e0d-aa47-bc8f35f09b4e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"062deac9-8f05-44e2-b347-96b59ba166ca","name":"ftp","type":"tool","source":"MITRE","software_attack_id":"S0095","tidal_id":"9bb3879f-1ea5-57ab-9a43-73a5ddf709a1","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e512e0ec-ff37-49ef-ac82-3b6892f3ebd2","name":"ftp.exe","description":"","source":"MITRE","associated_software_id":"4cce70d6-bf60-4943-9342-a9f3f306aea0","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye APT41 March 2020](https://app.tidalcyber.com/references/e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FBI FLASH APT39 September 2020](https://app.tidalcyber.com/references/76869199-e9fa-41b4-b045-41015e6daaec)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Palo Alto OilRig Oct 
2016](https://app.tidalcyber.com/references/14bbb07b-caeb-4d17-8e54-047322a5930c)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"81468e2a-f77f-4892-8285-4d5d1c10c684","tag":"95d37388-4e95-4d7f-96ba-99d94c842299"},{"id":"1a3922db-0616-4c54-adbc-71d03e1a0a58","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5bdf46a2-e5fb-48e5-9132-0205ded2f189","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"b083b702-3f3f-4deb-b3f2-ce163014f7b5","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"ab6ebd5a-05e3-49b7-93f2-d8cb83a86c28","name":"FudModule","type":"malware","source":"Tidal Cyber","software_attack_id":"S3388","tidal_id":"8bc8fe68-2b01-5bd0-a1d1-17f7b22e23fe","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"720a8dfd-0757-45c7-9e52-f6bed0760aaa","tag":"95b66dc5-2f49-4b82-8f03-c3eaa579085b"},{"id":"f2daf22e-1966-4c2a-a840-f18c36b70c4f","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"6432a383-1391-46bf-b9b7-4e7ac4643f4f","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"cb476e0f-189e-4984-ac8c-dea13dd2b076","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"837dc614-b6a0-4cdf-b48b-dfa5d5a01534","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"72ce513a-6b47-437e-95b3-7ce8d44c6f2a","name":"FunkSec Ransomware","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3417","tidal_id":"a78a386b-48bd-5f3c-af2e-db7284cb2a79","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Check Point Research January 10 2025](/references/8f64819e-dc3d-48da-a84d-14eaacb0d61e)]","group_attack_id":"G3068","group_id":"cffa9947-001f-48fd-a63a-0b4feba8df6f","name":"FunkSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f1dfab9e-c7b7-43b8-95ec-765b06f75cdb","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"b8c53063-736d-45c1-9fd0-d3556db15ab7","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"0cfbbac2-0100-48ed-a15f-83178d9dfb18","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"c4decc26-ca64-4643-95e6-493f228d3fbb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fb3b07a4-64c3-407e-98b5-1d1e0b535a43","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d0490e1d-8287-44d3-8342-944d1203b237","name":"FunnyDream","type":"malware","source":"MITRE","software_attack_id":"S1044","tidal_id":"1e49740e-3255-5866-95e5-e368b16b0bbc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"148fa35e-bf01-42a2-af9c-c914bf2f20af","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"be9a2ae5-373a-4dee-9c1e-b54235dafed0","name":"FYAnti","type":"malware","source":"MITRE","software_attack_id":"S0628","tidal_id":"62b59da1-b19c-5af0-a676-ac7694aa4cc0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9b823ac5-5613-4665-a62e-5635e951e8ba","name":"DILLJUICE stage2","description":"[[Securelist APT10 March 
2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","source":"MITRE","associated_software_id":"b9e7470c-e179-4efd-b472-ba146d8cf8fa","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"317a7647-aee7-4ce1-a8f8-33a61190f55d","name":"Fysbis","type":"malware","source":"MITRE","software_attack_id":"S0410","tidal_id":"5f1adc2e-c879-5b08-a63b-42d501a8cff7","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[Fysbis Palo Alto Analysis](https://app.tidalcyber.com/references/3e527ad6-6b56-473d-8178-e1c3c14f2311)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"029768d5-814e-4c75-a1a8-2cf7c9810b57","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"cac54152-17ad-4bb9-a412-53a35af1e95a","name":"Gamarue","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3387","tidal_id":"8d3b9416-9602-563e-9163-1924b540e33a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"e0477630-ae75-4bc4-bc54-e28830429162","tag":"ca440076-2a36-405a-bf4c-d4529e91b641"},{"id":"fb6bdeb7-89c2-46b7-9c83-5a07edacf86b","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"8b34d33c-c9af-4f57-ac8e-85c78941f856","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"9512517f-1636-45c9-a8c7-ba0b77227d3f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1b137f10-5f0b-485a-9d34-0df9dbe0dea6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7a60b984-b0c8-4acc-be24-841f4b652872","name":"Gazer","type":"malware","source":"MITRE","software_attack_id":"S0168","tidal_id":"94e50baa-5900-5f96-9d37-4d67e5b71118","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7305624a-c600-4135-a190-b558e98e1810","name":"WhiteBear","description":"The term WhiteBear is used both for the activity group (a subset of G0010) as well as the malware observed. Based on similarities in behavior and C2, WhiteBear is assessed to be the same as S0168. 
[[Securelist WhiteBear Aug 2017](https://app.tidalcyber.com/references/44626060-3d9b-480e-b4ea-7dac27878e5e)][[ESET Crutch December 2020](https://app.tidalcyber.com/references/8b2f40f5-7dca-4edf-8314-a8f5bc4831b8)]","source":"MITRE","associated_software_id":"24e22e4a-0c90-48e6-94ed-f212b21f7212","owner_id":null,"owner_name":null}],"groups":[{"description":"[[ESET Gazer Aug 2017](https://app.tidalcyber.com/references/9d1c40af-d4bc-4d4a-b667-a17378942685)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"684ab077-afdf-4dd8-aa77-84b4573b6084","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4fcd2c40-b5a6-452b-8052-89e0449ac6ed","name":"gdrive","type":"tool","source":"Trellix TIG","software_attack_id":"S3427","tidal_id":"79a0494d-a85c-57ee-a800-afe354626d85","platforms":[],"associated_software":[{"id":"153e45cd-7d97-4449-9c05-aae003c2119c","name":"Google Drive CLI Client","description":"","source":"Trellix TIG","associated_software_id":"19536c37-71d2-4ae7-9021-63c981fc011c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"9a117508-1d22-4fea-aa65-db670c13a5c9","name":"Gelsemium","type":"malware","source":"MITRE","software_attack_id":"S0666","tidal_id":"82b2fea7-f859-5070-9cbb-88074707c9d8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0ae9e896-aee3-44bf-b53d-2b4556620f27","name":"Gelsevirine","description":"[[ESET Gelsemium June 
2021](https://app.tidalcyber.com/references/ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5)]","source":"MITRE","associated_software_id":"b270fcf2-72ea-41c5-89fe-addb6cefd547","owner_id":null,"owner_name":null},{"id":"6add24ca-d391-4416-8283-c7bb5f8209c6","name":"Gelsenicine","description":"[[ESET Gelsemium June 2021](https://app.tidalcyber.com/references/ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5)]","source":"MITRE","associated_software_id":"86499f47-083e-47a5-ad8c-032f54f26359","owner_id":null,"owner_name":null},{"id":"8a9e7456-838a-4c38-99f8-385d82e1a549","name":"Gelsemine","description":"[[ESET Gelsemium June 2021](https://app.tidalcyber.com/references/ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5)]","source":"MITRE","associated_software_id":"2f00732c-43a7-4253-a5eb-990d8466eb01","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"97f32f68-dcd2-4f80-9967-cc87305dc342","name":"GeminiDuke","type":"malware","source":"MITRE","software_attack_id":"S0049","tidal_id":"6b12afed-2c16-5368-9611-60253ddb5682","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a997aaaf-edfc-4489-80a9-3f8d64545de1","name":"Get2","type":"malware","source":"MITRE","software_attack_id":"S0460","tidal_id":"4940c036-2228-509f-b4df-9414ddafef3f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA505 October 
2019](https://app.tidalcyber.com/references/711ea2b3-58e2-4b38-aa71-877029c12e64)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c14e9eda-d6a4-44a4-a57f-e6f63dc07217","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"a83cfdbf-023a-4874-a3d8-9674149ceb53","name":"GfxDownloadWrapper","type":"tool","source":"Tidal Cyber","software_attack_id":"S3307","tidal_id":"9d0c0b06-7bef-511b-9ceb-1435ab0d565c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"068e3fc4-d5e4-436b-acf2-3db65c7a7166","name":"GfxDownloadWrapper.exe","description":"[[GfxDownloadWrapper.exe - LOLBAS Project](/references/5d97b7d7-428e-4408-a4d3-00f52cf4bf15)]","source":"Tidal Cyber","associated_software_id":"396335cb-1404-44f1-9d73-387e468bc781","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"915fce25-5dd1-4544-b148-7b16fb357089","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f981df78-26d6-4244-8fb4-ef53089be4bd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"269ef8f5-35c8-44ba-afe4-63f4c6431427","name":"gh0st 
RAT","type":"malware","source":"MITRE","software_attack_id":"S0032","tidal_id":"f335e7a0-d0b6-5b55-9407-e10a2ccb337a","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6a9351cf-3ce8-48de-b102-e07697bf7134","name":"Mydoor","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"d468e609-3469-4308-9fb9-b6ca8655a1b6","owner_id":null,"owner_name":null},{"id":"f26ae32b-07d4-4a4c-b63a-0012fc89fec0","name":"Moudoor","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"f1c8627e-d1bb-4a15-997c-08d5c8626718","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)][[Mandiant APT43 Full PDF Report](https://app.tidalcyber.com/references/b5414a09-0da6-5d8c-bcca-47df9a469ec0)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[RSA2017 Detect and Respond Adair](https://app.tidalcyber.com/references/005a276c-3369-4d29-bf0e-c7fa4e7d90bb)]","group_attack_id":"G0026","group_id":"a0c31021-b281-4c41-9855-436768299fe7","name":"APT18","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Malwarebytes Higaisa 2020](https://app.tidalcyber.com/references/6054e0ab-cf61-49ba-b7f5-58b304477451)]","group_attack_id":"G0126","group_id":"f1477581-d485-403f-a95f-c56bf88c5d1e","name":"Higaisa","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[TA459](https://app.tidalcyber.com/groups/e343c1f1-458c-467b-bc4a-c1b97b2127e3) has used a Gh0st variant known as PCrat/Gh0st.[[Proofpoint TA459 April 
2017](https://app.tidalcyber.com/references/dabad6df-1e31-4c16-9217-e079f2493b02)]","group_attack_id":"G0062","group_id":"e343c1f1-458c-467b-bc4a-c1b97b2127e3","name":"TA459","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)][[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[AhnLab Andariel Subgroup of Lazarus June 2018](https://app.tidalcyber.com/references/bbc66e9f-98f9-4e34-b568-2833ea536f2e)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks BRONZE FLEETWOOD Profile](https://app.tidalcyber.com/references/4fbb113c-94b4-56fd-b292-1ccf84e1c8f3)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks BRONZEUNION Feb 2019](https://app.tidalcyber.com/references/691df278-fd7d-4b73-a22c-227bc7641dec)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Bizeul 
2014](https://app.tidalcyber.com/references/a4617ef4-e6d2-47e7-8f81-68e7380279bf)][[Villeneuve 2014](https://app.tidalcyber.com/references/a156e24e-0da5-4ac7-b914-29f2f05e7d6f)]","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e5fe5293-a4da-4890-bbde-e8cf11eb1743","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e9ccb45e-da58-4c8a-950a-09526dfd49fe","name":"GhostLocker","type":"malware","source":"Trellix TIG","software_attack_id":"S3448","tidal_id":"ce998164-7c4b-5213-b782-d8f4f611839c","platforms":[],"associated_software":[{"id":"04ef31ba-ce4e-4867-b2a5-15efbb9476cc","name":"GhostLocker 2.0","description":"","source":"Trellix TIG","associated_software_id":"7b557aa8-fbf8-4170-bd22-5023208425e3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"6a3edce8-2fca-4e73-a73f-27d2f095c771","name":"GhostLocker V2","description":"","source":"Trellix TIG","associated_software_id":"c118a947-e3cd-4573-8c4e-cb2ca5559bf7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f6231f78-ea43-4eaa-aaa9-251d9e7c32e8","name":"GhostLocker V3","description":"","source":"Trellix TIG","associated_software_id":"e7c5eadb-0b36-4e28-a296-6f2a03ad17ed","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"93e05809-4d63-423a-8b9d-531fd624fdcf","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"d4d21463-1d66-40ab-851b-6c2e7242d923","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"4572427d-ec1f-4867-93b5-c072c103bbab","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"9a89bedf-9317-4396-9556-5e9391841adb","name":"GhostPresser","type":"malware","source":"Trellix TIG","software_attack_id":"S3431","tidal_id":"e28426cf-c6ef-5b05-a197-ff5f402289d1","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"b3f0a1c5-f09c-498b-9ae3-eb3b65a33cfb","name":"GhostSec Deep Scan Tool","type":"malware","source":"Trellix TIG","software_attack_id":"S3419","tidal_id":"943400f5-1c99-5ade-9b97-0fa03957addf","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"b821fb92-cea5-4b71-ae9f-bedace07316a","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"16833a73-d656-416c-ba1c-92b39578428a","name":"GHOSTTOWN","type":"malware","source":"Trellix TIG","software_attack_id":"S3395","tidal_id":"a0630c07-4237-5ee6-bd4e-38dfa798b668","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"014cd273-9d62-4a67-a8bc-cd041e603381","name":"GitHub","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3401","tidal_id":"dc966e5f-2702-56c5-af87-35d46121ed8e","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"5c1a1ce5-927c-5c79-8a14-2789756d41ee","name":"GLASSTOKEN","type":"malware","source":"MITRE","software_attack_id":"S1117","tidal_id":"702e272c-770c-519a-add0-24e1a72a4526","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"09fdec78-5253-433d-8680-294ba6847be9","name":"GLOOXMAIL","type":"malware","source":"MITRE","software_attack_id":"S0026","tidal_id":"20a42b9e-c99e-5207-b611-12abc91fded7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cc8a6275-00b8-4186-bb7e-e4032e03e845","name":"Trojan.GTALK","description":"","source":"MITRE","associated_software_id":"b7246af4-31b1-42b4-aafd-853a5fd9fbbf","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"83713f85-8b2f-4733-9fea-e6a1494d0bbb","name":"GMER","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3035","tidal_id":"b54705cb-62cc-548d-b290-0bb242ca0164","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant ALPHV Affiliate April 3 2023](/references/b8375832-f6a9-4617-a2ac-d23aacbf2bfe)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c007aa91-72c3-46a4-bdb0-57ead4db167e","tag":"c87e8e01-f6fb-483b-8343-68ef9440f1bf"},{"id":"f88089ef-a1e1-431f-be11-1ba9de4e400a","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"a7ea9865-5a52-43a7-b9fc-771f48645b2f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"b42a2770-02ec-4df8-b13b-1596e489157b","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"c454e791-d712-43fe-b72a-33263e3f8ecd","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"504933e5-165a-43d5-be11-b17aa21c6f66","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"56ff323e-e6d4-41e2-8cab-702d1b5371f0","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"514de1d2-4ab4-491d-8a25-d0f1dd519507","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"e4c108f9-f0cf-4d23-86f2-16b2e878b6a3","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"d40a841c-1db7-4610-8e55-8b47a7d521df","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"cfb6a510-0585-408a-8968-f08d34274c0f","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"4ce46c8d-d0cc-4d68-8798-6037cb39cca0","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b4551a30-352f-472d-b107-98db2321ccc8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"1e08331a-95d6-57f6-8dd2-115e2f5b83d4","name":"GoBear","type":"malware","source":"MITRE","software_attack_id":"S1197","tidal_id":"1e08331a-95d6-57f6-8dd2-115e2f5b83d4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[GoBear](https://app.tidalcyber.com/software/1e08331a-95d6-57f6-8dd2-115e2f5b83d4) is exclusively linked to [Kimsuky](https://app.tidalcyber.com/groups/37f317d8-02f0-43d4-8a7d-7a65ce8aadf1) operations.[[S2W Troll Stealer 2024](https://app.tidalcyber.com/references/5fbb0dcb-c882-597f-ade8-4b8afb8b55a8)][[Symantec Troll Stealer 
2024](https://app.tidalcyber.com/references/ebb98b4b-062a-5b48-8318-e5f1244f907c)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"27e8ea0b-f126-40bc-aa44-cccabb7bd104","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"911300f1-3391-4044-b597-4886c536db25","name":"GodPotato","type":"tool","source":"Tidal Cyber","software_attack_id":"S3437","tidal_id":"41c45117-5de2-53d1-81b3-2ec5dd377af0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"221c341e-bdd1-4625-bea8-4d28e30f8e65","name":"God.exe","description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","source":"Tidal Cyber","associated_software_id":"241e797c-4993-4480-963f-a17d1bfc418e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d6638161-4906-4c7f-a522-5c50746dda4c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"dd6bf993-f1f2-4c75-a08b-3df1c2cde5fc","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"8f4b174b-653b-4498-be44-5e00ed3a8865","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"86231e81-3465-4841-8f98-ac9bdac86225","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"94035960-5ada-4b7c-91f9-2c0c179e030a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"dfb8b4c0-26f4-4ef9-86a1-e73fe70e85ac","tag":"7de7d799-f836-4555-97a4-0db776eb6932"}],"owner_name":"TidalCyberIan"},{"id":"348fdeb5-6a74-4803-ac6e-e0133ecd7263","name":"Gold Dragon","type":"malware","source":"MITRE","software_attack_id":"S0249","tidal_id":"d5b86c93-1af8-5309-b9a9-da7d8fc32923","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Talos Kimsuky Nov 2021](https://app.tidalcyber.com/references/17927f0e-297a-45ec-8e1c-8a33892205dc)][[Mandiant APT43 March 
2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1b135393-c799-4698-a880-c6a86782adee","name":"GoldenSpy","type":"malware","source":"MITRE","software_attack_id":"S0493","tidal_id":"7e13200b-cad4-59e4-b4ab-1e1e980340e1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f0abae76-c3f3-4867-8a2a-eaa9ce5c9496","tag":"f2ae2283-f94d-4f8f-bbde-43f2bed66c55"}],"owner_name":null},{"id":"4e8c58c5-443e-4f73-91e9-89146f04e307","name":"GoldFinder","type":"malware","source":"MITRE","software_attack_id":"S0597","tidal_id":"ae03d428-633f-586c-9883-356344844799","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MSTIC NOBELIUM Mar 2021](https://app.tidalcyber.com/references/8688a0a9-d644-4b96-81bb-031f1f898652)][[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)][[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)][[Secureworks IRON RITUAL 
Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b05a9763-4288-4656-bf4e-ba02bb8b35d6","name":"GoldMax","type":"malware","source":"MITRE","software_attack_id":"S0588","tidal_id":"b75d655d-247f-54ed-a796-ee3ca5cc0370","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5ba7d15e-06cf-4fd9-8a89-4d4fea6f9b51","name":"SUNSHUTTLE","description":"[[FireEye SUNSHUTTLE Mar 2021](https://app.tidalcyber.com/references/1cdb8a1e-fbed-4db3-b273-5f8f45356dc1)]","source":"MITRE","associated_software_id":"c3ca0824-88bf-4489-bd93-7598044d1088","owner_id":null,"owner_name":null}],"groups":[{"description":"[[MSTIC NOBELIUM Mar 2021](https://app.tidalcyber.com/references/8688a0a9-d644-4b96-81bb-031f1f898652)][[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)][[MSTIC NOBELIUM May 2021](https://app.tidalcyber.com/references/047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d)][[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)][[Secureworks IRON RITUAL 
Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5eaa2587-d225-49e9-af95-a2aee168325a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"bc668ae0-a70e-55ad-9824-765425f6b02a","name":"Gomir","type":"malware","source":"MITRE","software_attack_id":"S1198","tidal_id":"bc668ae0-a70e-55ad-9824-765425f6b02a","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[Gomir](https://app.tidalcyber.com/software/bc668ae0-a70e-55ad-9824-765425f6b02a) is uniquely associated with [Kimsuky](https://app.tidalcyber.com/groups/37f317d8-02f0-43d4-8a7d-7a65ce8aadf1) operations.[[Symantec Troll Stealer 2024](https://app.tidalcyber.com/references/ebb98b4b-062a-5b48-8318-e5f1244f907c)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4a79be02-cfd6-49ea-b73b-12b8236a21e7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1173bbcf-5c8c-4e57-8424-5037922a2499","name":"Google Drive","type":"tool","source":"Trellix TIG","software_attack_id":"S3403","tidal_id":"ae437c4b-a251-56f3-a158-f00249fb0422","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"a75855fd-2b6b-43d8-99a5-2be03b544f34","name":"Goopy","type":"malware","source":"MITRE","software_attack_id":"S0477","tidal_id":"ad32c862-1de3-57bd-b99f-d7540961260b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ef74d66c-2fe4-4fcc-89f1-d31bc0cf27e4","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"f9c32a11-964c-4480-968b-e520b8c7b26e","name":"GooseEgg","type":"malware","source":"Tidal Cyber","software_attack_id":"S3131","tidal_id":"32e17fcb-7d1d-5e63-af2b-7c5acaae6b32","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog 4 22 2024](/references/050ff793-d81d-499f-a136-905e76bce321)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"1832fe22-a571-4993-bc64-b058da578116","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8c81e01c-778c-4b36-ab80-52d617e79bed","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"f49837e5-1cad-453f-b754-516afbcbb8da","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"d7957c52-3b63-4550-8e2f-e48400ef7c1a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b18a505f-16ca-5b51-9bed-ae05b47c7706","name":"Gootloader","type":"malware","source":"MITRE","software_attack_id":"S1138","tidal_id":"b18a505f-16ca-5b51-9bed-ae05b47c7706","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"43c07131-d43c-44f8-a5bd-06794b21bc94","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"1d8fa132-2246-4174-82c8-b7f6d98d86f2","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"c85f394f-c2e5-47f7-a9e9-8baa7022f948","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"d61d347f-95d4-476e-84e1-eda48d5e170c","name":"gorilla/mux","type":"tool","source":"Trellix TIG","software_attack_id":"S3405","tidal_id":"a790a177-20ba-59f5-8977-9413827acd8a","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"9570d4c0-93f3-4af2-9783-f144818a0e48","name":"GoToAssist","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3395","tidal_id":"89d3b290-43c8-52bd-aa2f-8c99174be0a8","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"412d6531-e871-44fa-b992-7869de700c12","name":"GoTo Resolve","description":"[[GoTo Resolve](/references/f1a13cad-b77e-4c38-925c-038a4fcec8d3)]","source":"Tidal Cyber","associated_software_id":"e4064321-95ca-45ca-a9c8-f8a436003299","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[CrowdStrike Carbon Spider August 2021](/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bddb08b2-a653-4fe3-a050-eb581a0a5045","tag":"857d10f8-d1d0-4f67-8bf4-d760e3471bbb"},{"id":"1ea5163e-a5e4-461f-8871-f65b5a8b340a","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"3ebc9598-7839-4034-beab-83867d3fd0b8","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"15db1f0f-d569-404f-9c46-a3997905f063","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"acf4a502-2730-4b36-aea3-652420390977","name":"Gpscript","type":"tool","source":"Tidal Cyber","software_attack_id":"S3230","tidal_id":"99c45470-4d78-556d-97fc-0a728ad465a3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4138af40-f244-4eca-8957-3523ef3ae312","name":"Gpscript.exe","description":"[[Gpscript.exe - LOLBAS 
Project](/references/619f57d9-d93b-4e9b-aae0-6ce89d91deb6)]","source":"Tidal Cyber","associated_software_id":"34cc45e9-f8c3-4b2d-b8b5-ace1aec167b2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"26764a7b-9216-469f-824e-e05866a7f7ed","tag":"2ca5c5e4-ee7f-4698-84ec-ce04d2c1e9cc"},{"id":"db1e2454-c98c-4fe7-a857-2b5cd10bfa06","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2fed445b-44ee-4592-924d-722e7fc74824","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"61d277f2-abdc-4f2b-b50a-10d0fe91e588","name":"Grandoreiro","type":"malware","source":"MITRE","software_attack_id":"S0531","tidal_id":"fb5efe94-6ed2-53d0-a200-afdbe6f24b12","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"9ba50663-15d7-4d83-a127-5e679d856b07","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"f77398ad-e043-4694-ade0-d6ea16a994e7","name":"GraphicalProton","type":"malware","source":"Tidal Cyber","software_attack_id":"S3102","tidal_id":"3f4e0f1e-c468-530c-b06c-378646f394e7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"08cb425d-7b7a-41dc-a897-9057ce57fea9","name":"GravityRAT","type":"malware","source":"MITRE","software_attack_id":"S0237","tidal_id":"04f7d8cb-686c-5f74-ab62-ac08bb23d874","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f5691425-6690-4e5e-8304-3ede9d2f5a90","name":"Green Lambert","type":"malware","source":"MITRE","software_attack_id":"S0690","tidal_id":"10690f34-9b51-52d2-9032-ff978eb9586a","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2b649307-21c5-4a77-a908-b23c062cc250","name":"grep","type":"tool","source":"Trellix TIG","software_attack_id":"S3432","tidal_id":"f6209dd5-5fa2-5369-a8b4-85ab0a2e151a","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"0a402d35-948f-4a92-a7b4-19c8d73bc4fe","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f646e7f9-4d09-46f6-9831-54668fa20483","name":"GreyEnergy","type":"malware","source":"MITRE","software_attack_id":"S0342","tidal_id":"b9897005-6de3-5fec-a112-8a70ce641069","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ad358082-d83a-4c22-81a1-6c34dd67af26","name":"GRIFFON","type":"malware","source":"MITRE","software_attack_id":"S0417","tidal_id":"1ceabd31-8f18-5b44-9bec-e9d7d1788c5a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SecureList Griffon May 2019](https://app.tidalcyber.com/references/42e196e4-42a7-427d-a69b-d78fa6375f8c)][[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)][[FBI Flash FIN7 USB](https://app.tidalcyber.com/references/42dc957c-007b-4f90-88c6-1afd6d1032e8)][[Microsoft Ransomware as a 
Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"df250d18-1961-40d0-8874-fcb9d897a84a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"c40a71d4-8592-4f82-8af5-18f763e52caf","name":"GrimAgent","type":"malware","source":"MITRE","software_attack_id":"S0632","tidal_id":"2db144e3-1a60-5b39-8fd7-14eed8c6b149","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Group IB GrimAgent July 2021](https://app.tidalcyber.com/references/6b0dd676-3ea5-4b56-a27b-b1685787de02)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Group IB GrimAgent July 2021](https://app.tidalcyber.com/references/6b0dd676-3ea5-4b56-a27b-b1685787de02)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ceaa4154-edfd-4101-8ca0-c6c16dc90256","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"3ff9e020-8a7a-4c6f-a607-117ce9e436c5","name":"Grixba","type":"malware","source":"Tidal Cyber","software_attack_id":"S3064","tidal_id":"8b552401-deb9-5576-a5b7-c487199dcd3f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Play Ransomware April 19 2023](/references/a78613a5-ce17-4d11-8f2f-3e642cd7673c)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"dbfeec3f-a888-4716-b9d0-0f6f5b693acd","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"7dd58d3f-838e-4951-a644-e0296e62df32","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"442fe42f-f062-4c67-b53c-64b92bb64f4f","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5fdc8aa3-6cf2-4539-a547-8aadca93b5a7","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"5ffe662f-9da1-4b6f-ad3a-f296383e828c","name":"gsecdump","type":"tool","source":"MITRE","software_attack_id":"S0008","tidal_id":"d2152a81-73ba-5d29-ba48-e08b8197f027","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)][[Symantec Tick Apr 2016](https://app.tidalcyber.com/references/3e29cacc-2c05-4f35-8dd1-948f8aee6713)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro Tonto Team October 2020](https://app.tidalcyber.com/references/140e6b01-6b98-4f82-9455-0c84b3856b86)]","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Bizeul 
2014](https://app.tidalcyber.com/references/a4617ef4-e6d2-47e7-8f81-68e7380279bf)]","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4109dd59-8919-4954-bab8-2fa6b732bb3a","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"03e985d6-870b-4533-af13-08b1e0511444","name":"GuLoader","type":"malware","source":"MITRE","software_attack_id":"S0561","tidal_id":"7013c6fd-55fa-5057-b6d1-84b5194d97dd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ec7b5d89-1931-41a2-8878-06e61dd8536c","name":"CloudEyE","description":"","source":"Tidal Cyber","associated_software_id":"40ba88ff-8440-45e7-af8a-0fd165f4d4cc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"7d906000-fb80-48ce-a1d8-3528df70afa8","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"9e41aea6-d4cf-4935-bd13-93d1f2d2a897","name":"gzip","type":"tool","source":"Trellix TIG","software_attack_id":"S3454","tidal_id":"695c3d63-346e-57ac-8a8a-8aae2f76aa4d","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"5f1602fe-a4ce-4932-9cf9-ec842f2c58f1","name":"H1N1","type":"malware","source":"MITRE","software_attack_id":"S0132","tidal_id":"ffd79ed1-191a-5325-a6b2-8174d56953ba","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"75db2ac3-901e-4b1f-9a0d-bac6562d57a3","name":"Hacking Team UEFI 
Rootkit","type":"malware","source":"MITRE","software_attack_id":"S0047","tidal_id":"a0a94c32-b506-5810-846a-07c6be865699","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"5edf0ef7-a960-4500-8a89-8c8b4fdf8824","name":"HALFBAKED","type":"malware","source":"MITRE","software_attack_id":"S0151","tidal_id":"62ad56d8-243e-5da0-bfc3-e073436887ea","platforms":[],"associated_software":[],"groups":[{"description":"[[FireEye FIN7 April 2017](https://app.tidalcyber.com/references/6ee27fdb-1753-4fdf-af72-3295b072ff10)][[FireEye FIN7 Aug 2018](https://app.tidalcyber.com/references/54e5f23a-5ca6-4feb-8046-db2fb71b400a)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"cc07f03f-9919-4856-9b30-f4d88940b0ec","name":"HAMMERTOSS","type":"malware","source":"MITRE","software_attack_id":"S0037","tidal_id":"4d945b6a-abd5-5131-ac8d-61f4c109a4ab","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9b32ba80-6dd9-4e6e-9997-e9ad1ec9ef92","name":"HammerDuke","description":"","source":"MITRE","associated_software_id":"cd5e2212-64ec-4bf0-a533-6143542c8df5","owner_id":null,"owner_name":null},{"id":"d9860d9e-c7dd-440e-ae2e-d8effbc28cf0","name":"NetDuke","description":"","source":"MITRE","associated_software_id":"44c91046-4527-471e-b0d4-a83660594c93","owner_id":null,"owner_name":null}],"groups":[{"description":"[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)][[Secureworks IRON HEMLOCK 
Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"87b1fa89-40b6-4b75-9938-9d5c2d5b9299","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4eee3272-07fa-48ee-a7b9-9dfee3e4550a","name":"Hancitor","type":"malware","source":"MITRE","software_attack_id":"S0499","tidal_id":"2614f44e-acf3-54b7-8fec-b6ed4cdad63b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"16d7bbe3-d369-435d-a696-4a1f1c4e8609","name":"Chanitor","description":"[[FireEye Hancitor](https://app.tidalcyber.com/references/65a07c8c-5b29-445f-8f01-6e577df4ea62)]","source":"MITRE","associated_software_id":"0616b745-4181-419f-b723-d60034b7c1b5","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"028c47fe-2fdf-4138-8e9a-85c18a9b99f4","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"7b64dec2-3b3d-42a1-abd3-da0b8d591293","name":"Handala Wiper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3509","tidal_id":"aa88e6b6-9779-5945-ac65-56bc82fc3ce8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Intelligence to Risk Retaliation Window June 23 2025](/references/e7703727-2388-4cf6-ac39-0a2a007019ac)]","group_attack_id":"G3113","group_id":"9462ee53-0e12-4441-a722-dabf6b3677b9","name":"Handala Hack Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"7f4faf11-99ad-479e-90e7-dfe3ee7057c4","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"f454e3a0-a391-443a-a4fd-13eb95b963b8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"63e81f2c-dc40-4441-b2c4-e6eed5a57267","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"057645cd-795f-5f38-9e14-1c0f92615e3e","name":"Hannotog","type":"malware","source":"MITRE","software_attack_id":"S1211","tidal_id":"057645cd-795f-5f38-9e14-1c0f92615e3e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Hannotog](https://app.tidalcyber.com/software/057645cd-795f-5f38-9e14-1c0f92615e3e) is a backdoor associated with [Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) operations.[[Symantec Bilbug 2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3736e8ba-1d53-4796-948d-9c32874e415f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c2c31b2e-5da6-4feb-80e3-14ea6d0ea7e8","name":"HAPPYWORK","type":"malware","source":"MITRE","software_attack_id":"S0214","tidal_id":"7a14166d-e029-5b66-ac8c-2bcf2191deee","platforms":[],"associated_software":[],"groups":[{"description":"[[FireEye APT37 Feb 
2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ad0ae3b7-88aa-48b3-86ca-6a5d8b5309a7","name":"HARDRAIN","type":"malware","source":"MITRE","software_attack_id":"S0246","tidal_id":"b5794589-e18d-594a-ad5a-f530ba889f55","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[US-CERT HARDRAIN March 2018](https://app.tidalcyber.com/references/ffc17fa5-e7d3-4592-b47b-e12ced0e62a4)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8bd36306-bd4b-4a76-8842-44acb0cedbcc","name":"Havij","type":"tool","source":"MITRE","software_attack_id":"S0224","tidal_id":"3462f273-f03f-5148-88ca-5ba7e3d371e8","platforms":[],"associated_software":[],"groups":[{"description":"[[Check Point Rocket Kitten](https://app.tidalcyber.com/references/71da7d4c-f1f8-4f5c-a609-78a414851baf)]","group_attack_id":"G0130","group_id":"e38bcb42-12c1-4202-a794-ec26cd830caa","name":"Ajax Security Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"76fbe80a-871d-462d-bdcb-1f6b2b1174e0","name":"Havoc","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3452","tidal_id":"eb7b48a6-a118-5ce7-a4cd-f913ada46a7e","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c1622ab6-2ae5-45c8-8cf3-e754a69c8192","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ffa13850-1745-410a-9582-d554214edf4d","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"5cf6e862-2af9-4524-9fae-094d5ab25f53","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"73c8578b-12c1-421b-8994-d1fe5e3723a0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"392c5a32-53b5-4ce8-a946-226cb533cc4e","name":"HAWKBALL","type":"malware","source":"MITRE","software_attack_id":"S0391","tidal_id":"57bb9959-84d1-58be-a58d-4aada33fcc91","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"a7ffe1bd-45ca-4ca4-94da-3b6c583a868d","name":"hcdLoader","type":"malware","source":"MITRE","software_attack_id":"S0071","tidal_id":"66cd4233-b532-5e4f-b661-48a8aeb08802","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Dell Lateral Movement](https://app.tidalcyber.com/references/fcc9b52a-751f-4985-8c32-7aaf411706ad)][[ThreatStream Evasion 
Analysis](https://app.tidalcyber.com/references/de6bc044-6275-4cab-80a1-feefebd3c1f0)]","group_attack_id":"G0026","group_id":"a0c31021-b281-4c41-9855-436768299fe7","name":"APT18","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f155b6f9-258d-4446-8867-fe5ee26d8c72","name":"HDoor","type":"malware","source":"MITRE","software_attack_id":"S0061","tidal_id":"b0534c61-d84a-5b58-bf78-15e09d092986","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b347d675-9a6e-4f90-80d5-1574d30a5114","name":"Custom HDoor","description":"","source":"MITRE","associated_software_id":"69aa0c3f-0b9e-44f5-b1fe-0b155cff0a5f","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"813a4ca1-84fe-42dc-89de-5873d028f98d","name":"HELLOKITTY","type":"malware","source":"MITRE","software_attack_id":"S0617","tidal_id":"c8d0bb9f-c627-5aa3-8062-2af287e5b07a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Vice Society September 2022](/references/0a754513-5f20-44a0-8cea-c5d9519106c8)]","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8b771d09-fbb9-44c5-9410-4d507722ee12","tag":"4ac8dcde-2665-4066-9ad9-b5572d5f0d28"},{"id":"ad9529d9-c9bc-4dcf-8286-846dc50724d9","tag":"3535caad-a155-4996-b986-70bc3cd5ce1e"},{"id":"363a3fbf-983a-4740-90ca-0c4963692467","tag":"f1ad9eba-f4fd-4aec-92c0-833ac14d741b"},{"id":"c81bf46e-27f0-471f-9055-1e3798ffe466","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"662babe3-d738-4915-a884-1c09716deea7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"345d0305-7953-413f-9ad5-09e0dab8c12d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"d6560c81-1e7e-4d01-9814-4be4fb43e655","name":"Helminth","type":"malware","source":"MITRE","software_attack_id":"S0170","tidal_id":"10b07e4d-d209-5d61-a31e-52ea55676499","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)][[FireEye APT34 Webinar Dec 2017](https://app.tidalcyber.com/references/4eef7032-de14-44a2-a403-82aefdc85c50)][[Crowdstrike Helix Kitten Nov 
2018](https://app.tidalcyber.com/references/3fc0d7ad-6283-4cfd-b72f-5ce47594531e)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"1d4d8ddf-efb1-4527-91ec-8bf891fdae5e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f0456f14-4913-4861-b4ad-5e7f3960040e","name":"HermeticWiper","type":"malware","source":"MITRE","software_attack_id":"S0697","tidal_id":"8f9b1298-cf2c-5063-b2e4-ad963609633b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0303659d-225e-4f5e-99e2-b9e0caa62b22","name":"DriveSlayer","description":"[[Crowdstrike PartyTicket March 2022](https://app.tidalcyber.com/references/8659fea7-7d65-4ee9-8ceb-cf41204b57e0)][[Crowdstrike DriveSlayer February 2022](https://app.tidalcyber.com/references/4f01e901-58f8-4fdb-ac8c-ef4b6bfd068e)]","source":"MITRE","associated_software_id":"5375e2bd-be8e-4c7b-8173-74ff4f3598b4","owner_id":null,"owner_name":null},{"id":"ca36b443-0ec3-445c-a96e-aadf358d82a0","name":"Trojan.Killdisk","description":"[[CISA AA22-057A Destructive Malware February 2022](https://app.tidalcyber.com/references/18684085-c156-4610-8b1f-cc9646f2c06e)][[Symantec Ukraine Wipers February 
2022](https://app.tidalcyber.com/references/3ed4cd00-3387-4b80-bda8-0a190dc6353c)]","source":"MITRE","associated_software_id":"85c3ad5c-ab5d-47b7-ba05-88daf017f1bd","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"f1e1603d-0335-440a-8c5a-075dd903beb9","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"36ddc8cd-8f80-489e-a702-c682936b5393","name":"HermeticWizard","type":"malware","source":"MITRE","software_attack_id":"S0698","tidal_id":"3bf9a440-6ef7-5ace-8c6b-ca67c2d39ee5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"438405fa-3353-42d5-882f-31fc720a785a","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"1841a6e8-6c23-46a1-9c81-783746083764","name":"Heyoka Backdoor","type":"malware","source":"MITRE","software_attack_id":"S1027","tidal_id":"c71d12c6-bbb2-5792-ae28-91940bb8c84b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SentinelOne Aoqin Dragon June 2022](https://app.tidalcyber.com/references/b4e792e0-b1fa-4639-98b1-233aaec53594)]","group_attack_id":"G1007","group_id":"454402a3-0503-45bf-b2e0-177fa2e2d412","name":"Aoqin Dragon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6454b1c6-e2ac-46be-8995-e928d2677c88","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"48d60461-31a8-474b-a171-77ad1f2aaa7f","name":"HFS","type":"tool","source":"Tidal Cyber","software_attack_id":"S3440","tidal_id":"16f3ae46-6bd2-54eb-8a0d-8b207c670c0c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d7a7bb53-51cb-4cc8-bdcb-35d2f3663750","name":"HTTP File Server","description":"[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","source":"Tidal Cyber","associated_software_id":"21594ab2-4607-4a2d-89ed-2245ba3442f8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"ef65501c-1261-4cc1-b00f-dfbcd41ec97e","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"cb77e3d2-08a9-45b4-9ebb-2cfc86d873be","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"4335a1e9-27dc-4ecb-b47d-f3f65aa250d6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"9ac0fd5d-612a-4cfc-9b1e-ab7f5118e296","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1f87d3e3-5a11-4183-9ee0-3b8104ef3e30","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"8e083bca-22e0-499f-b645-5e137b29c7e3","tag":"d20efbce-b76a-434b-aab7-5b268ed4b2e6"}],"owner_name":"TidalCyberIan"},{"id":"5a0d0b83-5a10-425c-98f7-6cb8eb76fda4","name":"Hh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3231","tidal_id":"707290f9-9af5-5e90-9b91-e6b408e83f31","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"acbf1a21-fa53-4553-8dba-e99b4051b9e0","name":"Hh.exe","description":"[[Hh.exe - LOLBAS Project](/references/4e09bfcf-f5be-46c5-9ebf-8742ac8d1edc)]","source":"Tidal 
Cyber","associated_software_id":"8e6a3da3-bab4-40d8-b501-b6a986cbf2df","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e8ad56e4-db34-4c71-a450-e8da25c5f140","tag":"7d028d1e-7a95-47f0-9367-55517f9ef170"},{"id":"e30d7fc9-bd22-4f5e-bf0f-ecd00b024a74","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c344e3c8-596f-44a6-9bbc-1a1a89e86693","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a2030633-2fcc-4a00-83f4-cf65789e5a63","name":"HiddenFace","type":"malware","source":"Tidal Cyber","software_attack_id":"S3464","tidal_id":"17e72187-b7f2-5cbb-9d21-a7522c62b714","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b71b520a-b5fe-4469-8a08-6fd6e9097d74","name":"NOOPDOOR","description":"[[The Hacker News MirrorFace January 9 2025](/references/38bfe50e-6526-48ee-9797-e403d3a431dd)]","source":"Tidal Cyber","associated_software_id":"9f7be70e-bc98-4f75-9584-e5fa23be4cb6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e71786c6-2058-4219-ada8-d115ca3664d6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"57e72c49-daca-4e46-9268-facd5cc831ae","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"edbaa3cd-b60e-417d-85c4-f9177edd7b0d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ec02fb9c-bf9f-404d-bc54-819f2b3fb040","name":"HiddenWasp","type":"malware","source":"MITRE","software_attack_id":"S0394","tidal_id":"4ca59514-6544-5fa1-b85e-c13fb755fc1f","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ce1af464-0b14-4fe9-8591-a6fe58aa96c7","name":"HIDEDRV","type":"malware","source":"MITRE","software_attack_id":"S0135","tidal_id":"a73958cf-857e-5c08-80b4-4d009da47454","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Sednit Part 3](https://app.tidalcyber.com/references/7c2be444-a947-49bc-b5f6-8f6bec870c6a)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"beb49db2-121c-49b2-9d1d-2e43d68e7b69","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":null},{"id":"8046c80c-4339-4cfb-8bfd-464801db2bfe","name":"Hikit","type":"malware","source":"MITRE","software_attack_id":"S0009","tidal_id":"64dfdbb7-00c7-57ad-b42a-19f41e979b5d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)][[Cisco Group 
72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"7ef8cd3a-33cf-43bb-a3b8-a78fc844ce0c","name":"Hildegard","type":"malware","source":"MITRE","software_attack_id":"S0601","tidal_id":"f912215e-3959-5611-a690-fb073c237975","platforms":[{"id":"43852676-3efd-4800-856b-4d74903d26ba","name":"IaaS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"69826802-7b16-5c4e-92f5-72f9354e29e5","name":"GCP"},{"id":"996aa968-bd71-5b30-9b76-eaab9a19a1c8","name":"AWS"},{"id":"6724c79a-34f2-51ed-8644-a6c106ccadd2","name":"Azure"},{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"}],"associated_software":[],"groups":[{"description":"[[Unit 42 Hildegard Malware](https://app.tidalcyber.com/references/0941cf0e-75d8-4c96-bc42-c99d809e75f9)]","group_attack_id":"G0139","group_id":"325c11be-e1ee-47db-afa6-44ac5d16f0e7","name":"TeamTNT","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"de9f519f-e205-44f9-bf61-d68f9fa55077","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"b29cbce6-5eec-493a-a634-1d0a823f0a0e","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"d45d0c9e-192d-4063-a9d8-66d56ce77245","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"1e8a8e8d-df07-40a2-a4a4-89f188e8ce74","tag":"4fa6f8e1-b0d5-4169-8038-33e355c08bde"},{"id":"af9665fc-b7bd-4c3f-a5a7-4b78fb15ccf8","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"}],"owner_name":null},{"id":"d4f74243-0d2d-4095-b66a-6d8291019125","name":"HIUPAN","type":"malware","source":"Tidal Cyber","software_attack_id":"S3174","tidal_id":"d5349063-4003-59d3-800e-faa54c0db309","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro September 9 
2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e272665e-bd73-46b5-8f94-211a0a805e6d","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"5453e806-3186-4c97-a442-90276342bafe","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4210c4a8-74a7-48ca-ab0b-175b748762d8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ee3315ab-68ab-4e22-9ebe-f0e57ee6db39","name":"Hive Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3390","tidal_id":"3fc9b3fe-54f6-5be0-91b3-0f10cd36ec7d","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Hive November 25 2022](/references/fce322e6-5e23-404a-acf8-cd003f00c79d)]","group_attack_id":"G3041","group_id":"05cd82bb-f8fc-40f3-83ba-1586ef953d05","name":"Hive Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2f2ed963-fca4-4368-8630-8be9b8d50070","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"e86bc61d-6155-488e-9a2d-33ba8d484e2c","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"50504e7e-2f6b-47e2-8fc4-bbfce241f002","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"71689c04-0c90-456b-ba4d-165a1a940a2d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"286184d9-f28a-4d5a-a9dd-2216b3c47809","name":"Hi-Zor","type":"malware","source":"MITRE","software_attack_id":"S0087","tidal_id":"7424bbf7-e73b-5334-b1ea-a6de3d4e27fa","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"408f0f00-7376-4a1c-a600-be9477a93813","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"16db13f2-f350-4323-96cb-c5f4ac36c3e0","name":"HOMEFRY","type":"malware","source":"MITRE","software_attack_id":"S0232","tidal_id":"59ea2b30-fd34-5543-8d8d-75e82b6d663d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye Periscope March 
2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"4d94594c-2224-46ca-8bc3-28b12ed139f9","name":"HOPLIGHT","type":"malware","source":"MITRE","software_attack_id":"S0376","tidal_id":"a2bc2697-d3d1-5954-9f88-bcf0208fc514","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA AA20-239A BeagleBoyz August 2020](https://app.tidalcyber.com/references/a8a2e3f2-3967-4e82-a36a-2436c654fb3f)]","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[US-CERT HOPLIGHT Apr 2019](https://app.tidalcyber.com/references/e722b71b-9042-4143-a156-489783d86e0a)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a00e7fcc-b4e8-4f64-83d2-f9db64f0f3fe","name":"HotCroissant","type":"malware","source":"MITRE","software_attack_id":"S0431","tidal_id":"7151e53a-1f35-526b-a97c-fa87687def73","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[US-CERT HOTCROISSANT February 2020](https://app.tidalcyber.com/references/db5c816a-2a23-4966-8f0b-4ec86cae45c9)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"4a5d22a3-91c9-4026-b2aa-48e539cb3ca4","name":"HRSword","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3494","tidal_id":"14ba00bf-d6ed-513f-8b64-d9e3d1fb124d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f8b9e05e-6518-4c71-bcc4-1c931382d27c","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"25b80ef6-82f1-4cd2-b1c2-0a4a467eb0fc","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"da8b0598-3646-4bfc-8861-7bc71556c6e6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"ae5b0d75-ee00-4f47-9efd-a23d0349aa20","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"4f32a29b-92d5-4c48-a4ae-6092b1639e66","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"480f461b-1d62-4743-b303-48afda8eb29e","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"e69192c2-1cb9-4714-b597-30da9ee6ca77","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c5cd43d0-7050-48de-a88b-6f8162fec5f8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b98d9fe7-9aa3-409a-bf5c-eadb01bac948","name":"HTRAN","type":"tool","source":"MITRE","software_attack_id":"S0040","tidal_id":"d95b0333-7642-5496-a5b9-74379e9e41ae","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"12a85307-c7c4-4388-978e-a32b47544c2e","name":"HUC Packet Transmit Tool","description":"[[Operation Quantum Entanglement](https://app.tidalcyber.com/references/c94f9652-32c3-4975-a9c0-48f93bdfe790)]","source":"MITRE","associated_software_id":"033ae561-8c4e-4b67-995b-b408c39a5c31","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Trend Micro IXESHE 
2012](https://app.tidalcyber.com/references/fcea0121-cd45-4b05-8c3f-f8dad8c790b3)]","group_attack_id":"G0005","group_id":"225314a7-8f40-48d4-9cff-3ec39b177762","name":"APT12","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)][[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f3578249-26eb-486e-be52-59eb39da799e","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"c4fe23f7-f18c-40f6-b431-0b104b497eaa","name":"HTTPBrowser","type":"malware","source":"MITRE","software_attack_id":"S0070","tidal_id":"11e2bb92-1d49-5fe6-8c42-17da019c2ae7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1a0c9f6c-1d5e-4246-ab14-99c3f95069a9","name":"Token Control","description":"","source":"MITRE","associated_software_id":"e0a43dd6-f2c2-4468-bbb8-7413097b6cf3","owner_id":null,"owner_name":null},{"id":"c5397b7f-9112-4253-ab17-1af3aa3d22db","name":"HttpDump","description":"[[ThreatConnect Anthem](https://app.tidalcyber.com/references/61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec)]","source":"MITRE","associated_software_id":"ae7376fa-b847-4417-bb29-f0316d507a30","owner_id":null,"owner_name":null}],"groups":[{"description":"[[RSA2017 Detect and Respond Adair](https://app.tidalcyber.com/references/005a276c-3369-4d29-bf0e-c7fa4e7d90bb)]","group_attack_id":"G0026","group_id":"a0c31021-b281-4c41-9855-436768299fe7","name":"APT18","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)][[SecureWorks BRONZE UNION June 
2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)][[Nccgroup Emissary Panda May 2018](https://app.tidalcyber.com/references/e279c308-fabc-47d3-bdeb-296266c80988)][[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"bf19eba4-7ea1-4c24-95c6-6bcfb44f4c49","name":"httpclient","type":"malware","source":"MITRE","software_attack_id":"S0068","tidal_id":"f7f7a690-0678-589f-b893-68718772671d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CrowdStrike Putter Panda](https://app.tidalcyber.com/references/413962d0-bd66-4000-a077-38c2677995d1)]","group_attack_id":"G0024","group_id":"6005f4a9-fe26-4237-a44e-3f6cbb1fe75c","name":"Putter Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2df88e4e-5a89-5535-ae1a-4c68b19d9078","name":"HUI Loader","type":"malware","source":"MITRE","software_attack_id":"S1097","tidal_id":"0e529349-a10c-54e3-b191-22ac3e3f2e6e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022](https://app.tidalcyber.com/references/0b275cf9-a885-58cc-b859-112090a711e3)][[Dell SecureWorks BRONZE STARLIGHT Profile](https://app.tidalcyber.com/references/d2e8cd95-fcd5-58e4-859a-c4724ec94ab4)]","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[SecureWorks BRONZE STARLIGHT Ransomware Operations June 
2022](https://app.tidalcyber.com/references/0b275cf9-a885-58cc-b859-112090a711e3)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f90c6a11-2f2a-4ec1-996b-7a62e425d1d4","name":"Hunters International Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3391","tidal_id":"58086c01-c253-5f1a-ade0-7fb5560c7909","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Bitdefender Hunters International November 9 2023](/references/ae0a88d6-bd46-4b22-bfb1-25003bfe83d7)]","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0e7b12d1-8a2e-4b8d-9495-c954de4ae60c","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"7be4f115-2d5f-499e-8067-ecc3c62b0943","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"7cd06522-5cff-4f2b-a698-5da4f529cfb9","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"460e417a-199e-47b7-8339-135008e5b600","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"d8f8aab7-a26d-4d4d-b8a8-5dde47904f32","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f296fb12-1d5a-4019-b9d5-7e082386abcf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4ffbca79-358a-4ba5-bfbb-dc1694c45646","name":"Hydraq","type":"malware","source":"MITRE","software_attack_id":"S0203","tidal_id":"3754ad8c-1276-555e-af85-b93f60989221","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1c5cde21-0bdc-41db-8090-f4ad65fb5cef","name":"HomeUnix","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)
]","source":"MITRE","associated_software_id":"dd780c01-a937-4658-83bd-46a65c054c94","owner_id":null,"owner_name":null},{"id":"19dfc9b6-80c7-4fdc-9899-efa6d85f45bb","name":"HydraQ","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"af34fe17-6c8c-4acb-af9a-e5690b6badf2","owner_id":null,"owner_name":null},{"id":"c3116a93-2c85-40b3-8c38-b6914bf8e52c","name":"Aurora","description":"[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)][[Symantec Trojan.Hydraq Jan 2010](https://app.tidalcyber.com/references/10bed842-400f-4276-972d-5fca794ea778)]","source":"MITRE","associated_software_id":"259df672-c6da-4aa9-9bdb-4bc2031ad5c4","owner_id":null,"owner_name":null},{"id":"1c724041-1424-4431-b35e-e731a886dfcb","name":"Roarur","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"6289f8d1-0b84-47ff-ba58-cfd3e14776d7","owner_id":null,"owner_name":null},{"id":"b066e03b-37be-4d57-822a-9eed4d5e83ff","name":"MdmBot","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"6c573ae8-c8be-47df-8f2c-37cf44682526","owner_id":null,"owner_name":null},{"id":"2d063ba3-d6c7-4e2c-b224-1894b230a870","name":"Homux","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"18a743ce-f743-41af-8769-af48e3e327b8","owner_id":null,"owner_name":null},{"id":"95d5fcdf-cc1e-4ebe-bb3e-7e23083f8305","name":"HidraQ","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"bfb0d570-1fd7-406c-bce3-f9185b1049cf","owner_id":null,"owner_name":null},{"id":"dd0bc3f5-c55b-4be5-875d-a24
0b55a8775","name":"McRat","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"909a0326-a18f-4c92-8f57-f3dc18df4cd5","owner_id":null,"owner_name":null},{"id":"a68cc5bd-23a2-40a7-9576-c50d26702d81","name":"9002 RAT","description":"[[MicroFocus 9002 Aug 2016](https://app.tidalcyber.com/references/a4d6bdd1-e70c-491b-a569-72708095c809)]","source":"MITRE","associated_software_id":"b5319b1f-bc11-4e2b-8018-f5cb021fbc4f","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)][[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT Groups List](/references/c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97)]","group_attack_id":"G3020","group_id":"4173c301-0307-458d-89dd-2583e94247ec","name":"APT20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[],"owner_name":null},{"id":"57cec527-26fb-44a1-b1a9-506a3af2c9f2","name":"HyperBro","type":"malware","source":"MITRE","software_attack_id":"S0398","tidal_id":"c2248993-caff-508e-9133-5187db271561","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit42 Emissary Panda May 2019](https://app.tidalcyber.com/references/3a3ec86c-88da-40ab-8e5f-a7d5102c026b)][[Securelist LuckyMouse June 
2018](https://app.tidalcyber.com/references/f974708b-598c-46a9-aac9-c5fbdd116c2a)][[Hacker News LuckyMouse June 2018](https://app.tidalcyber.com/references/de78446a-cb46-4422-820b-9ddf07557b1a)][[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)][[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"779db495-a136-421e-a4ca-391f5176a0dd","tag":"84e6dbc1-98c7-4619-b796-a8c8d562ea7b"},{"id":"b6f3848a-b778-4fbd-85f1-16527bd428e4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ba3236e9-c86b-4b5d-89ed-7f71940a0588","name":"HyperStack","type":"malware","source":"MITRE","software_attack_id":"S0537","tidal_id":"afb6251f-abd9-539e-b1bc-8ee667778e7b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Accenture HyperStack October 
2020](https://app.tidalcyber.com/references/680f2a0b-f69d-48bd-93ed-20ee2f79e3f7)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"5a73defd-6a1a-4132-8427-cec649e8267a","name":"IceApple","type":"malware","source":"MITRE","software_attack_id":"S1022","tidal_id":"74638186-f53d-5e2e-aa65-44866705f298","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"7f59bb7c-5fa9-497d-9d8e-ba9349fd9433","name":"IcedID","type":"malware","source":"MITRE","software_attack_id":"S0483","tidal_id":"37e8ccfe-0a2a-5727-b4f3-8c848d2075de","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason Valak May 2020](https://app.tidalcyber.com/references/235d1cf1-2413-4620-96cf-083d348410c2)][[Unit 42 Valak July 2020](https://app.tidalcyber.com/references/9a96da13-5795-49bc-ab82-dfd4f964d9d0)][[Unit 42 TA551 Jan 2021](https://app.tidalcyber.com/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)][[Secureworks GOLD CABIN](https://app.tidalcyber.com/references/778babec-e7d3-4341-9e33-aab361f2b98a)]","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Proofpoint Ransomware Initial Access June 2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)]","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Google TAG Ukraine IABs September 7 
2022](/references/848da19d-b02d-4b78-b3c1-a72d5034fd45)]","group_attack_id":"G3077","group_id":"9d665cc1-8ecc-4064-8221-c74bd6ffd97a","name":"UAC-0098","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Latrodectus APR 2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]","group_attack_id":"G1038","group_id":"b47551ba-8036-5527-abba-fed787c854a5","name":"TA578","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[EclecticIQ August 16 2024](/references/79e0a74f-799f-445e-a677-cc08e66f3113)]","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"7890bf24-e793-4e24-8f68-f5c42e229070","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"efa3a005-2d45-47a5-b88a-344273c39553","tag":"7d2804e4-a4e4-4ef7-acd5-2fca9cc92556"},{"id":"0f76b182-230a-41b7-828a-f892138beaf6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1c0ab9a0-eb02-4428-a319-83a504e1b22b","name":"Idumper","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3159","tidal_id":"91c5bdfd-2696-5599-b23d-4297ff8df62c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"88130923-f148-4d4b-b29f-398e4b484f5f","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"204a0597-c949-4e65-9c1f-4bd2af4ea879","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"86d4b84e-3b5b-4e19-ac7d-1d9603203ee3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"332e37c0-63fe-4e99-85a9-94210d42c21d","name":"Ie4uinit","type":"tool","source":"Tidal Cyber","software_attack_id":"S3233","tidal_id":"2f62bbc9-062a-5e74-a788-8690f5043468","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4dfd5be2-3e5d-4519-b431-df051c43fceb","name":"Ie4uinit.exe","description":"[[Ie4uinit.exe - LOLBAS Project](/references/01f9a368-5933-47a1-85a9-e5883a5ca266)]","source":"Tidal Cyber","associated_software_id":"a211a6fa-b203-46df-b2d2-244a92bd310c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"cea07724-6a2c-40e5-940c-d02e47da4c2e","tag":"f32f1513-7277-4257-9c35-c8ab3da17c84"},{"id":"5cecc3fa-2052-45da-9937-5093e91f313b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d40f3000-a013-46ad-9eda-02b81c282843","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e1aa3cbd-2337-47d6-b6b0-beb5d1bbfc1e","name":"Ieadvpack","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3311","tidal_id":"87458e44-d3e3-51dd-80c0-219c250f3849","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d97d63bc-8649-47f0-bc00-f53fd189ea75","name":"Ieadvpack.dll","description":"[[Ieadvpack.dll - LOLBAS Project](/references/79943a49-23d6-499b-a022-7c2f8bd68aee)]","source":"Tidal Cyber","associated_software_id":"da3647b2-1431-4292-affb-9e24d647a6fe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"35c58a1d-1e2a-43d4-9d12-2d15fc5bc78c","tag":"e794994d-c38a-44d9-9253-53191ca9e56b"},{"id":"e243d77c-d66b-4346-b929-17c30cd86d5b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d5e8c938-81d4-4178-a25e-adc1c39b2213","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"1feba268-9fff-495f-94e9-5b46336bff3b","name":"iediagcmd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3234","tidal_id":"eaee1490-ce5c-5dc8-97c4-a8b1301baa79","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ad6c5eef-c940-4c56-ad58-39336d0fcf3e","name":"iediagcmd.exe","description":"[[iediagcmd.exe - LOLBAS Project](/references/de238a18-2275-497e-adcf-453a016a24c4)]","source":"Tidal Cyber","associated_software_id":"8d176fe1-a0f6-48a6-a0d8-ac71faddcc0c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"33c5e23b-42b4-428a-9eac-639f6c1bc3bd","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"22b970ca-7e2c-41e6-bd3e-2545a074a897","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e7ede205-4d50-42c3-92d0-4988aca5c4a1","name":"Ieexec","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3235","tidal_id":"5b34b55b-662f-5c43-b09e-0a941b621708","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4450e721-4fe6-4e03-88db-d8793ba3df42","name":"Ieexec.exe","description":"[[Ieexec.exe - LOLBAS Project](/references/91f31525-585d-4b71-83d7-9b7c2feacd34)]","source":"Tidal Cyber","associated_software_id":"77a7429e-b1bb-4172-9fc5-3a37a4cedddc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ff758969-a41a-467c-b443-6cf2c564b7ef","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a0469d97-3735-451f-9836-97084f053fea","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"57072f02-06c1-4267-b665-fbbf72b96bb4","name":"Ieframe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3312","tidal_id":"a35dc9fa-6b3f-5eeb-9e2f-be4220dc50ee","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a21f5def-f93d-4692-b575-5af953594e52","name":"Ieframe.dll","description":"[[Ieframe.dll - LOLBAS Project](/references/aab9c80d-1f1e-47ba-954d-65e7400054df)]","source":"Tidal 
Cyber","associated_software_id":"567ab907-8765-400b-8dd5-61182ddd8db6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dfe5a511-c89b-4f7e-bf8a-931fb4faea34","tag":"fc23fb85-8c48-4f0b-aeb6-b78fd6e25e0a"},{"id":"07c73f07-3458-4cb0-94d0-17e8ed5446c7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a50517be-e451-46f8-a6ed-1f2673463216","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"93ab16d1-625e-4b1c-bb28-28974c269c47","name":"ifconfig","type":"tool","source":"MITRE","software_attack_id":"S0101","tidal_id":"c8db3d3e-b49c-5092-9916-bba271331307","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"71098f6e-a2c0-434f-b991-6c079fd3e82d","name":"iKitten","type":"malware","source":"MITRE","software_attack_id":"S0278","tidal_id":"3aa7e310-ba4f-5f31-b001-390ddde21c87","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"480e45eb-deb2-4844-8eab-10649d33a5d2","name":"OSX/MacDownloader","description":"[[objsee mac malware 2017](https://app.tidalcyber.com/references/08227ae5-4086-4c31-83d9-459c3a097754)].","source":"MITRE","associated_software_id":"1ffb9eb7-4c5b-4d88-93a5-79f250715502","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"492104c0-79d6-461e-9dc5-0e4bfd3f2387","name":"Ilasm","type":"tool","source":"Tidal Cyber","software_attack_id":"S3236","tidal_id":"a79197b9-1839-523d-bd22-b0546c65dda1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ecc55905-6b8d-41a5-af76-a9cb6d65ccfc","name":"Ilasm.exe","description":"[[Ilasm.exe - LOLBAS Project](/references/347a1f01-02ce-488e-9100-862971c1833f)]","source":"Tidal 
Cyber","associated_software_id":"49269d59-3a99-4362-83ea-41207ee591b4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"89c7bc11-db94-407a-8944-1153dfb11130","tag":"8bcce456-e1dc-4dd0-99a9-8334fd6f2847"},{"id":"f953062f-1931-47df-8fc6-b80efb040643","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"dba03d6f-a972-4699-97a2-654b9d89a9a2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d43656c3-e1f1-415c-8f40-be05175dde1a","name":"ImageMagick","type":"tool","source":"Trellix TIG","software_attack_id":"S3396","tidal_id":"98b390e7-1848-5909-a2dd-9599262d9820","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3004","group_id":"5e12e91a-8a8a-4966-8b56-83a152091094","name":"Automated Libra","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"0e5c0f19-db3d-5061-a0b9-3b55e4f3f50b","name":"IMAPLoader","type":"malware","source":"MITRE","software_attack_id":"S1152","tidal_id":"0e5c0f19-db3d-5061-a0b9-3b55e4f3f50b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[IMAPLoader](https://app.tidalcyber.com/software/0e5c0f19-db3d-5061-a0b9-3b55e4f3f50b) was deployed by [CURIUM](https://app.tidalcyber.com/groups/ab15a328-c41e-5701-993f-3cab29ac4544) as a post-exploitation payload from strategic website compromise.[[PWC Yellow Liderc 2023](https://app.tidalcyber.com/references/e473a371-2f34-5391-8888-42082b0a1904)]","group_attack_id":"G1012","group_id":"ab15a328-c41e-5701-993f-3cab29ac4544","name":"CURIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"98315d72-a446-4c98-b4b5-8e49b323d8b2","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"2ef7c673-a0dc-4773-a9fd-337ed68d9b0b","name":"IMEWDBLD","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3232","tidal_id":"87b47664-f1f2-5e51-b69e-78b46df94855","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3cf117d3-8636-4cdd-bc1a-a9623d950a76","name":"IMEWDBLD.exe","description":"[[IMEWDBLD.exe - LOLBAS Project](/references/9d1d6bc1-61cf-4465-b3cb-b6af36769027)]","source":"Tidal Cyber","associated_software_id":"12fa3dba-d84c-490d-bb72-88b54edf663c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b4aaa56d-4561-49ae-96e6-3a4be1a4f82d","tag":"796962fe-56d7-4816-9193-153da0be7c10"},{"id":"665e6a2a-cb19-4c66-9051-f7955e7595e1","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d167e37f-b02a-464a-aace-2ab9721c77cf","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"925fc0db-9315-4703-9353-1d0e9ecb1439","name":"Imminent Monitor","type":"tool","source":"MITRE","software_attack_id":"S0434","tidal_id":"f5769364-bb18-5c60-b21a-e00b4a2d4e89","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[QiAnXin APT-C-36 
Feb2019](https://app.tidalcyber.com/references/cae075ea-42cb-4695-ac66-9187241393d1)]","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"630813ad-0a01-49ce-b0f7-8b80a49f6a52","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c","name":"Impacket","type":"tool","source":"MITRE","software_attack_id":"S0357","tidal_id":"262c459d-b3e5-5972-9c15-af8a8b93ecdb","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)][[Core Security Impacket](https://app.tidalcyber.com/references/9b88d7d6-5cf3-40d5-b624-ddf01508cb95)]","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) has used [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) for lateral movement activity.[[rapid7-email-bombing](https://app.tidalcyber.com/references/b57af46b-a26b-5fca-8509-406889261d41)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[WeLiveSecurity Scarab August 22 2023](/references/7cbf97fe-1809-4089-b386-a8bfd083df39)]","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rapid7 Blog 5 10 
2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Threat Intelligence Tweet April 26 2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)][[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Threat Intelligence Tweet May 18 2023](/references/b41e9f89-cd88-4483-bb86-9d88c555a648)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) for lateral movement and process execution in victim environments.[[Cadet Blizzard emerges as novel threat actor](https://app.tidalcyber.com/references/7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b)][[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Velvet Ant](https://app.tidalcyber.com/groups/f1c80880-e3ed-5223-90f5-840a3b89fe39) used [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) for lateral tool transfer and remote process execution.[[Sygnia VelvetAnt 2024A](https://app.tidalcyber.com/references/daa0360d-8a50-5256-8c95-cf68a3e7bb90)]","group_attack_id":"G1047","group_id":"f1c80880-e3ed-5223-90f5-840a3b89fe39","name":"Velvet Ant","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT29 Eye Spy Email Nov 
22](https://app.tidalcyber.com/references/452ca091-42b1-5bef-8a01-921c1f46bbee)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant ALPHV Affiliate April 3 2023](/references/b8375832-f6a9-4617-a2ac-d23aacbf2bfe)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) used [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) to dump LSA secrets on one of the domain controllers in the victim network.[[apt41_dcsocytec_dec2022](https://app.tidalcyber.com/references/fad90e96-93fd-59bd-970e-f0b37cac331d)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Tarrask scheduled task](https://app.tidalcyber.com/references/87682623-d1dd-4ee8-ae68-b08be5113e3e)]","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Volt Typhoon May 2023](https://app.tidalcyber.com/references/8b74f0b7-9719-598c-b3ee-61d734393e6f)][[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Prestige ransomware October 
2022](https://app.tidalcyber.com/references/b57e1181-461b-5ada-a739-873ede1ec079)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) during operations.[[Cisco LotusBlossom 2025](https://app.tidalcyber.com/references/9b7db916-e62f-5d7e-9574-a85198665a5a)]","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)][[Sygnia Emperor Dragonfly October 2022](https://app.tidalcyber.com/references/f9e40a71-c963-53de-9266-13f9f326c5bf)]","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit42 Emissary Panda May 2019](https://app.tidalcyber.com/references/3a3ec86c-88da-40ab-8e5f-a7d5102c026b)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Bitdefender FIN8 July 2021](https://app.tidalcyber.com/references/aee3179e-1536-40ab-9965-1c10bdaa6dff)][[Bitdefender Sardonic Aug 2021](https://app.tidalcyber.com/references/8e9d05c9-6783-5738-ac85-a444810a8074)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Sygnia Elephant Beetle Jan 
2022](https://app.tidalcyber.com/references/932897a6-0fa4-5be3-bf0b-20d6ddad238e)]","group_attack_id":"G1016","group_id":"570198e3-b59c-5772-b1ee-15d7ea14d48a","name":"FIN13","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"[[DFIR Phosphorus November 2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"a5b83111-4ff5-44f1-a992-dbc1e2f42449","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"ba62c297-0ba6-4a93-a1de-461124f79082","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"41379cdd-5faf-4929-aaef-fea835a4a397","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fcf0905e-4a70-442b-a54d-ea6163339ab9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ff5f51e6-3c29-414a-b67e-ae11d2b6aa5a","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"ac7065b2-735d-4588-aeed-09ce43554115","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"057ec979-1cc8-4372-844c-4fa40bf4bce1","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"726d4475-7c25-4227-beb1-4a4825d051d3","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"dae5df5e-204b-4f41-8bc5-904dddbefa3b","tag":"6a80006a-ff1c-48e8-bb6f-d109d7b7a2fc"},{"id":"cef18414-859e-4b93-9e58-cf1f16182649","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"cdfaad29-0e92-455c-b649-5d263763f422","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"dde8b5a8-f0cf-4d60-b029-ebe9d54f1d93","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"087cff4e-2aec-4058-90b2-dc7edcdfbccf","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a8bab8a3-cbd2-4983-83de-ff243ba0db92","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"85533a86-dbd2-4aab-a4d2-5655fe6755bd","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"71de49a2-5216-490d-9aa4-8f4cd5f4f2b1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"640a2eda-3ca9-4b9b-9953-2ab6d48c3c50","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"91c16d40-bb3a-40b3-90d0-9ee792c80d78","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"814df4bb-4f5a-5097-af8b-85622a4803ba","name":"INC Ransomware","type":"malware","source":"MITRE","software_attack_id":"S1139","tidal_id":"814df4bb-4f5a-5097-af8b-85622a4803ba","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MSTIC 
Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason INC Ransomware November 2023](https://app.tidalcyber.com/references/ebe119d6-add3-5a1b-8e5f-b6419f246ba9)][[Secureworks GOLD IONIC April 2024](https://app.tidalcyber.com/references/e723e7b3-496f-5ab4-abaf-83859e7e912d)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"eb2772dd-a820-420a-810f-618e6bb39c39","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9556d755-05de-4d2e-8b69-1d4cc8d743ec","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"09398a7c-aee5-44af-b99d-f73d3b39c299","name":"Industroyer","type":"malware","source":"MITRE","software_attack_id":"S0604","tidal_id":"101dd3f0-7318-5e22-b8bd-2c9157293f9d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f0101fc7-be8d-4460-8444-779813c409d5","name":"CRASHOVERRIDE","description":"[[Dragos Crashoverride 2017](https://app.tidalcyber.com/references/c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce)]","source":"MITRE","associated_software_id":"4bf0e893-5e72-48aa-898a-7dfeffa7781a","owner_id":null,"owner_name":null},{"id":"2e8fe68a-5bf5-4850-97e8-7be79236812a","name":"Win32/Industroyer","description":"[[ESET Industroyer](https://app.tidalcyber.com/references/9197f712-3c53-4746-9722-30e248511611)]","source":"MITRE","associated_software_id":"5e72df38-9dd3-4b0a-a0da-d98cd732e823","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Dragos Crashoverride 2018](https://app.tidalcyber.com/references/d14442d5-2557-4a92-9a29-b15a20752f56)][[Dragos Crashoverride 
2017](https://app.tidalcyber.com/references/c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce)][[ESET Industroyer](https://app.tidalcyber.com/references/9197f712-3c53-4746-9722-30e248511611)][[Secureworks IRON VIKING](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)][[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f470f30b-b74f-4186-89bb-eacda3d4c885","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"43afe30b-be32-467b-a9a0-6fedbbf2e31d","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"17eb91d4-d31b-4eeb-95ea-be6c4687052e","tag":"37dff778-95a6-4e51-a26a-1d399ef713be"}],"owner_name":null},{"id":"53c5fb76-a690-55c3-9e02-39577990da2a","name":"Industroyer2","type":"malware","source":"MITRE","software_attack_id":"S1072","tidal_id":"c8211882-a2b6-51c1-bac2-414e568addbb","platforms":[],"associated_software":[],"groups":[{"description":"[[Industroyer2 ESET April 2022](https://app.tidalcyber.com/references/3ec01405-3240-5679-924f-f1194bca9a72)][[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2adc9ee8-f981-4fda-bf8b-3c116c2108a7","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"667368cc-4c84-4f6b-beb0-3350faf06795","tag":"37dff778-95a6-4e51-a26a-1d399ef713be"}],"owner_name":null},{"id":"e35b5513-4370-4f8c-b3a6-1f64c65f1e85","name":"Infdefaultinstall","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3237","tidal_id":"07d85c6f-d1f3-52f5-b357-5248e5c56559","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c83a5539-de50-46fd-b8e9-d7debdfc92ee","name":"Infdefaultinstall.exe","description":"[[Infdefaultinstall.exe - LOLBAS Project](/references/5e83d17c-dbdd-4a6c-a395-4f921b68ebec)]","source":"Tidal Cyber","associated_software_id":"54922044-3d2e-4885-b314-2c0e2628fd75","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"36043430-bdbc-47dd-b921-cde86f81babc","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"caffeb58-989c-4341-a1d4-00e0396a79e9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e42bf572-1e70-4467-a4b7-5e22c776c758","name":"InnaputRAT","type":"malware","source":"MITRE","software_attack_id":"S0259","tidal_id":"8242a0ca-9f58-50e9-bfe8-a017088a5880","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c983bb77-b96c-44d5-b3f8-2540d7c604db","name":"Installutil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3238","tidal_id":"c8a3c093-1739-523b-8f32-800d37f01f86","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8584527d-8295-412a-a88b-69339f8878b7","name":"Installutil.exe","description":"[[LOLBAS Installutil](/references/7dfb2c45-862a-4c25-a65a-55abea4b0e44)]","source":"Tidal 
Cyber","associated_software_id":"91100384-d619-4bf1-9f83-7ffc16d777f2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"3a82cc05-4d79-4d79-890f-3fc3bcf4a93a","tag":"a3f84674-3813-4993-9e34-39cdaa19cbd1"},{"id":"35f86979-a5ca-48d5-8859-9448c1514c22","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8b3f8d2e-40d3-49f3-b364-b6ce04fe12a1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9ec3777d-9a36-4822-a3e2-a7ce5d296309","name":"Interactsh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3073","tidal_id":"b3ce2a71-1dca-51fd-b883-a4059eee4796","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c9f20c45-80cc-45e2-b082-e3036ee66d8b","name":"Interact.sh","description":"","source":"Tidal Cyber","associated_software_id":"0ea31764-5a77-4510-b873-ca1e8bdaf90e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"9d4766ba-29a2-48c4-8bbb-ef9710c2da84","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"3fbf3bb6-4358-4957-b669-d980b6b4cd12","tag":"15787198-6c8b-4f79-bf50-258d55072fee"}],"owner_name":"TidalCyberIan"},{"id":"5658f260-8e96-4fa5-9863-189660048e5d","name":"Inveigh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3113","tidal_id":"1d6531ed-bb25-533b-a40e-bf7f7245a170","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2adcc6a3-ad60-40fc-bb56-dec4e994c4d2","name":"InveighZero","description":"","source":"Tidal 
Cyber","associated_software_id":"7385f108-d325-4e77-a179-1c57606bee6f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Trend Micro BlackCat April 18 2022](/references/a04d89b1-3334-4d96-8c45-bb88f396e036)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f632a1d2-f586-4e4f-8d9a-5c7d1ce256c8","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"717499a9-753b-4117-b989-f15fa0f018ba","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"c193f8cf-f958-4bdb-a86d-7d75ccc54ffe","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"77bb5fb6-eb75-471f-a9ea-7fd6b57f13e4","name":"InvisibleFerret","type":"malware","source":"Tidal Cyber","software_attack_id":"S3472","tidal_id":"ce35db44-c8dd-5863-be29-0af894ecb274","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 November 21 2023](/references/930228c3-a93b-4664-ab7d-65af212211fc)][[Silent Push Contagious Interview April 24 2025](/references/7062304e-91e9-45bf-84b4-c42bdad99e23)]","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"4fb5eddf-d93c-430b-a655-ec04da80e368","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"8271af6a-a28f-4b9c-bcb2-717e38d0f42d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f046c0e5-9f07-4a93-87b9-8271129d9e7d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3ee4c49d-2f2c-4677-b193-69f16f2851a4","name":"InvisiMole","type":"malware","source":"MITRE","software_attack_id":"S0260","tidal_id":"3a3a3861-8961-52b5-b69f-c27e605a48fb","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9226fb35-bfe7-40ab-880d-f61119315d61","name":"Invoke-Expression","type":"tool","source":"Trellix TIG","software_attack_id":"S3466","tidal_id":"f0cde4c4-34a3-567a-974b-d3847a34479c","platforms":[],"associated_software":[{"id":"ce2a5f73-4119-4460-ad4b-e8e67d345743","name":"Invoke Expression","description":"","source":"Trellix TIG","associated_software_id":"e757e3a2-cd73-40b1-a39e-1d15892057ec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"b51b9a88-9b41-44fa-98c6-f1dde314a7a4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2200a647-3312-44c0-9691-4a26153febbb","name":"Invoke-PSImage","type":"tool","source":"MITRE","software_attack_id":"S0231","tidal_id":"6649f35b-a470-5dc7-b828-220a05b32e86","platforms":[],"associated_software":[],"groups":[{"description":"[[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"9c955014-2d83-4b5b-9127-cfc49e86779f","name":"IOBit","type":"tool","source":"Tidal Cyber","software_attack_id":"S3104","tidal_id":"9af4d0a6-b335-58a6-ae9e-cb8b60effd92","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Talos Phobos November 17 2023](/references/c049d198-efd0-40e2-a675-cf099b8211b3)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4ec3cc5c-0e81-4208-ae7d-3f3372dfae2a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"b0f86909-89bb-4ced-a37d-fe66d77e6aff","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"76f8850b-eece-49ef-b6c3-8bb201b71863","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9de6a3bc-ce02-4187-8ae7-7cd392997bfc","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"79544256-6f93-4ffa-990b-c309f1c568e6","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"59e8058e-d259-4623-90d5-e3b34534eff3","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"9ed9f440-9c7c-4bc4-a610-2608716a44ff","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"6c752673-e9d5-407c-95a4-5fa170c713d6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"52a61ad0-c259-4738-9fdb-4d45b0b0e839","name":"iodine","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3409","tidal_id":"6c1a94c0-42f1-5a67-ac2e-184eebd369cc","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"f28431cd-1d07-4cf2-bf22-118306dbd8c4","name":"IOX","type":"tool","source":"Tidal Cyber","software_attack_id":"S3439","tidal_id":"b91d569c-949d-561f-89f9-8b04025c5858","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b2764e0e-f436-4313-962a-dd9b6c3b9058","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"6372eef5-bee1-40d6-9bf6-5cc115f9c83d","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ec2911c4-d171-4f9c-a03b-981aedf8b9c7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"934c3078-6aef-4594-bb87-a62d43603b19","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"08fe1472-bd7b-4765-ae78-bd8d5b6a3089","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fcd35c81-84bc-4894-9e87-ffd3d6afc790","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"}],"owner_name":"TidalCyberIan"},{"id":"4f519002-0576-4f8e-8add-73ebac9a86e6","name":"ipconfig","type":"tool","source":"MITRE","software_attack_id":"S0100","tidal_id":"c80651cd-fe09-5d7a-b984-16542649093a","platforms":[],"associated_software":[],"groups":[{"description":"[[Cybereason Soft Cell June 
2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Group IB APT 41 June 2021](https://app.tidalcyber.com/references/a2bf43a0-c7da-4cb9-8f9a-b34fac92b625)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA SoreFang July 2016](https://app.tidalcyber.com/references/a87db09c-cadc-48fd-9634-8dd44bbd9009)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ClearSky Siamesekitten August 2021](https://app.tidalcyber.com/references/9485efce-8d54-4461-b64e-0d15e31fbf8c)][[Zscaler Lyceum DnsSystem June 2022](https://app.tidalcyber.com/references/eb78de14-8044-4466-8954-9ca44a17e895)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[DFIR Report APT35 ProxyShell March 2022](https://app.tidalcyber.com/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)][[DFIR Phosphorus November 2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant Operation Ke3chang November 2014](https://app.tidalcyber.com/references/bb45cf96-ceae-4f46-a0f5-08cd89f699c9)][[NCC Group APT15 Alive and 
Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"2ab9c361-9982-4adb-b6d2-5fe101d6174c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"1fcc6e2d-0940-459b-a942-f5624e31e6ee","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"288a8c0c-7dde-4e30-8597-7488c0ef3135","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fea70c49-5338-4922-a21d-edae6ea07365","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"2874da85-2115-42a8-90f8-bd70e19392b8","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"4a8093e7-7458-452f-90dd-ad759254929f","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9b680e5f-f19f-4831-acf4-f01c20e8c14a","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"aa520261-82d7-4deb-80a1-29580992a29c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"62b23e79-fae9-49b7-b507-172c3e68e416","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"791315ed-12b6-496a-b80c-83da9db47992","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"e6fa005e-4690-5336-8a03-5f667ea38f3f","name":"IPsec Helper","type":"malware","source":"MITRE","software_attack_id":"S1132","tidal_id":"e6fa005e-4690-5336-8a03-5f667ea38f3f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) uses [IPsec Helper](https://app.tidalcyber.com/software/e6fa005e-4690-5336-8a03-5f667ea38f3f) as a post-exploitation remote access tool framework.[[SentinelOne Agrius 
2021](https://app.tidalcyber.com/references/b5b433a1-5d12-5644-894b-c42d995c9ba5)]","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4f6873a7-f2e5-455e-b860-20cb437a19ff","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9ca96281-8ff9-4619-a79d-16c5a9594eae","name":"IronNetInjector","type":"tool","source":"MITRE","software_attack_id":"S0581","tidal_id":"c432c81b-1048-5d06-a40a-018fa840e6bc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 IronNetInjector February 2021 ](https://app.tidalcyber.com/references/f04c89f7-d951-4ebc-a5e4-2cc69476c43f)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"865c8a96-3f78-4afe-a759-887d885ae333","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"752ab0fc-7fa1-4e54-bd9a-7a280a38ed77","name":"ISMInjector","type":"malware","source":"MITRE","software_attack_id":"S0189","tidal_id":"1df3fa9c-0fd6-5fac-b30a-8762a5f9abef","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[OilRig New Delivery Oct 
2017](https://app.tidalcyber.com/references/f5f3e1e7-1d83-4ddc-a878-134cd0d268ce)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"24dba715-5b5e-4feb-9190-ecdfad0e3935","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"6dbf31cf-0ba0-48b4-be82-38889450845c","name":"Ixeshe","type":"malware","source":"MITRE","software_attack_id":"S0015","tidal_id":"24878e4c-ecf9-5abb-ab25-86cb124f2d78","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Moran 2013](https://app.tidalcyber.com/references/d38bdb47-1a8d-43f8-b7ed-dfa5e430ac2f)][[Moran 2014](https://app.tidalcyber.com/references/15ef155b-7628-4b18-bc53-1d30be4eac5d)]","group_attack_id":"G0005","group_id":"225314a7-8f40-48d4-9cff-3ec39b177762","name":"APT12","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"0eb47e25-56ec-42ba-9850-e50450b853e0","name":"Jaguar Tooth","type":"malware","source":"Tidal Cyber","software_attack_id":"S3067","tidal_id":"ec280e4d-3595-5833-9606-f917e6f64aa1","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA APT28 Cisco Routers April 18 2023](/references/c532a6fc-b27f-4240-a071-3eaa866bce89)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5f472b60-36a4-423d-8d5c-c1e81da013f6","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"685ce7aa-0c57-4211-b38f-f4c42eebb362","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"f7c24d36-6bc0-4024-96b4-f7159a3f88e6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"89fb915e-4e05-42b3-9a68-6167e0cbb64e","tag":"f01290d9-7160-44cb-949f-ee4947d04b6f"},{"id":"9e4f7c74-4fed-4cab-8c3c-405cf7d391cc","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"a4debf1f-8a37-4c89-8ebc-31de71d33f79","name":"Janicab","type":"malware","source":"MITRE","software_attack_id":"S0163","tidal_id":"76905fdf-1928-5f1c-bc8e-fed5452ad5d8","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"853d3d18-d746-4650-a9bd-c36a0e86dd02","name":"Javali","type":"malware","source":"MITRE","software_attack_id":"S0528","tidal_id":"90c09859-e5c3-5779-8282-f69014832122","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c862b68d-585f-4076-8f37-647b98c15232","name":"JavaScript","type":"tool","source":"Trellix TIG","software_attack_id":"S3415","tidal_id":"6021c4bf-b039-5ccf-add2-e3e1e3d6606d","platforms":[],"associated_software":[{"id":"789b2af3-12a3-4fa9-8c87-d6fae6d5f1e0","name":"JScript","description":"","source":"Trellix TIG","associated_software_id":"cc47f13d-4b35-4935-958e-97d57d5507a7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"46c58762-babb-471e-966d-87568933864d","name":"js","description":"","source":"Trellix 
TIG","associated_software_id":"ad998bd1-217d-449f-ad1b-24e9614a3209","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c1c80246-6085-4837-af85-073d6348d60a","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"489f6742-3690-4b38-ba2d-b905ad0b0ee8","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"404e448c-a243-4e3a-956d-299792d0f1be","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"87f96413-a1d7-4dd3-8b7d-19d77c06905f","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"e9b43193-4a5b-4df0-9ca2-1ba4a0642942","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"41ec0bbc-65ca-4913-a763-1638215d7b2f","name":"JCry","type":"malware","source":"MITRE","software_attack_id":"S0389","tidal_id":"76d3c935-6802-5178-a0c9-f2d6ff9ddb3f","platforms":[],"associated_software":[],"groups":[],"tags":[{"id":"cd61977a-b4a4-49ea-889e-c217bee3c7ee","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9692aa12-04dc-4a0d-8c5a-8640740ddcd1","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"d50ef3fc-7d1c-4a82-b1cf-2319d83da3ae","name":"JHUHUGIT","type":"malware","source":"MITRE","software_attack_id":"S0044","tidal_id":"905b06f1-c7d2-50e7-90b2-9e353de2c3d4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cd2ab3e3-3100-465b-9529-e8e52cd2e1b9","name":"Seduploader","description":"[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)][[Talos Seduploader Oct 
2017](https://app.tidalcyber.com/references/2db77619-72df-461f-84bf-2d1c3499a5c0)]","source":"MITRE","associated_software_id":"59124557-6250-48b8-aaf8-3fc51df2c993","owner_id":null,"owner_name":null},{"id":"3fbee7bb-2a32-4935-aff2-e938ca018690","name":"JKEYSKW","description":"[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]","source":"MITRE","associated_software_id":"771f1cd5-dac6-43c9-8c93-9f70ce4137e1","owner_id":null,"owner_name":null},{"id":"94a24271-b4cc-4012-86d3-f3146b25e0e2","name":"Trojan.Sofacy","description":"This designation has been used in reporting both to refer to the threat group ([Skeleton Key](https://app.tidalcyber.com/software/206453a4-a298-4cab-9fdf-f136a4e0c761)) and its associated malware.[[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]","source":"MITRE","associated_software_id":"c1808fee-703d-4116-8d6e-7d181244c928","owner_id":null,"owner_name":null},{"id":"f2393857-1a0d-423d-9e2a-4f0c3e97439b","name":"Sednit","description":"This designation has been used in reporting both to refer to the threat group ([APT28](https://app.tidalcyber.com/groups/5b1a5b9e-4722-41fc-a15d-196a549e3ac5)) and its associated malware.[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]","source":"MITRE","associated_software_id":"04241120-45d5-4261-a13b-4816d2dfc8a7","owner_id":null,"owner_name":null},{"id":"15e69a07-09c5-42a4-9800-3fa8152a3532","name":"GAMEFISH","description":"[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]","source":"MITRE","associated_software_id":"fb803c34-1dbd-4bb4-b397-faec053abe77","owner_id":null,"owner_name":null},{"id":"87b23dd6-4367-4dce-ab5b-17002959f2ef","name":"SofacyCarberp","description":"[[Unit 42 Sofacy Feb 
2018](https://app.tidalcyber.com/references/0bcc2d76-987c-4a9b-9e00-1400eec4e606)]","source":"MITRE","associated_software_id":"111fc9b5-1c08-4256-ab5b-7adf2a8bd81e","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)][[Kaspersky Sofacy](https://app.tidalcyber.com/references/46226f98-c762-48e3-9bcd-19ff14184bb5)][[Securelist Sofacy Feb 2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)][[US District Court Indictment GRU Oct 2018](https://app.tidalcyber.com/references/56aeab4e-b046-4426-81a8-c3b2323492f0)][[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c6fceac9-2369-44b0-9242-f1f0914dae6e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"af48c73d-5929-5a45-8182-aea5495346a3","name":"J-magic","type":"malware","source":"MITRE","software_attack_id":"S1203","tidal_id":"af48c73d-5929-5a45-8182-aea5495346a3","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"bf977f7a-ce68-4b42-be58-4ac5b5c3bf6c","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"944ed2a3-7a19-43a6-b1a7-14220337e592","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c96fce69-6b9c-4bbc-bb42-f6a8fb6eb88f","name":"JPIN","type":"malware","source":"MITRE","software_attack_id":"S0201","tidal_id":"986e26f3-8dd4-5aaa-8dca-6aaafeaa0308","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft PLATINUM April 
2016](https://app.tidalcyber.com/references/d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297)]","group_attack_id":"G0068","group_id":"f036b992-4c3f-47b7-a458-94ac133bce74","name":"PLATINUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"42fe9795-5cf6-4ad7-b56e-2aa655377992","name":"jRAT","type":"malware","source":"MITRE","software_attack_id":"S0283","tidal_id":"43f58878-400c-5703-84bf-1109e4152139","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"53eb8894-1d69-4d53-9743-510f27c12255","name":"Sockrat","description":"[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]","source":"MITRE","associated_software_id":"2adef0c3-f776-48c1-9293-d355b9dbefd7","owner_id":null,"owner_name":null},{"id":"ef49e5e8-7c03-4c7b-81f4-9448ba11cf53","name":"jBiFrost","description":"[[NCSC Joint Report Public Tools](https://app.tidalcyber.com/references/601d88c5-4789-4fa8-a9ab-abc8137f061c)]","source":"MITRE","associated_software_id":"7a75e4bf-a8cf-4fb0-b147-12db5a0bb77a","owner_id":null,"owner_name":null},{"id":"2ac63e52-9b97-4571-888c-9eacafb47f15","name":"JSocket","description":"[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]","source":"MITRE","associated_software_id":"88632c03-4d0a-4307-8d96-370a9fa0c49c","owner_id":null,"owner_name":null},{"id":"28fce90e-ff3d-4325-923c-ad9421ed5dd3","name":"Unrecom","description":"[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]","source":"MITRE","associated_software_id":"f5019366-a5f7-4b6f-ba22-de56a66dc7ca","owner_id":null,"owner_name":null},{"id":"77568c7b-7765-4fa7-8402-f35f4f1388f8","name":"Trojan.Maljava","description":"[[jRAT Symantec Aug 
2018](https://app.tidalcyber.com/references/8aed9534-2ec6-4c9f-b63b-9bb135432cfb)]","source":"MITRE","associated_software_id":"4fcf08b4-de50-4ab6-a7ae-a3c3a64f32cc","owner_id":null,"owner_name":null},{"id":"8879a9b9-7df5-4357-819c-54d4c219869b","name":"AlienSpy","description":"[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]","source":"MITRE","associated_software_id":"13f9732c-1a38-45ca-9278-4b3266e32997","owner_id":null,"owner_name":null},{"id":"68380492-9057-4a79-828f-205a3a7596ed","name":"Frutas","description":"[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]","source":"MITRE","associated_software_id":"cf5f6829-3cf7-445f-a4a3-dce78fe6034b","owner_id":null,"owner_name":null},{"id":"861de6da-bf0d-4b12-96d5-3183680fbcac","name":"jFrutas","description":"[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]","source":"MITRE","associated_software_id":"45890a41-4d9a-4a8c-8758-9ed70c6355f4","owner_id":null,"owner_name":null},{"id":"e3ea6fd6-b394-458f-bd5d-27b165322632","name":"Adwind","description":"[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]","source":"MITRE","associated_software_id":"c1239f48-76e5-40c5-897d-80a7d14f8613","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9dba4703-8c29-47dd-ae50-3a50bcea21b6","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"1c67bf0b-22f8-4f57-8f91-f15b4923455f","name":"Jsc","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3239","tidal_id":"3efd6482-f812-577f-a4b7-e018667fe98c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"69700923-c77c-4d60-87da-34dc37a2b04e","name":"Jsc.exe","description":"[[Jsc.exe - LOLBAS Project](/references/ae25ff74-05eb-46d7-9c60-4c149b7c7f1f)]","source":"Tidal Cyber","associated_software_id":"adc0e1d8-3291-4c6f-9429-b6a61fb089a7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ad8c15cb-138d-4a62-b9a1-8e38cf73c708","tag":"ee16a0c7-b3cf-4303-9681-b3076da9bff0"},{"id":"ffb2b8d2-6289-41be-9a20-ebc7c24af64e","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"4ef792c4-34f3-4873-a507-79f00249ef51","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c67f3029-a26c-4752-b7f1-8e3369c2f79d","name":"JSS Loader","type":"malware","source":"MITRE","software_attack_id":"S0648","tidal_id":"fb871861-bab6-5ac9-a258-193a233a86bc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)][[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"82b70126-c7c9-4595-a2e3-8ea272f42ee1","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"4d8a11c3-caa0-4519-86bd-56a6fb33c20e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"57e9c32b-a1fa-45bc-9a57-098834a2c356","name":"Juicy Potato","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3069","tidal_id":"c6cd0e0b-62b9-5b75-aa9d-602642c9d036","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"51a65ed4-83eb-4931-939d-e346d9b30f6a","tag":"4ac8deac-b33f-4276-b9ee-2d810138aedc"},{"id":"2ea53d76-6a16-435d-8b6a-5d40f81e91c5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e16119d6-2fb3-4fd5-b192-b315b5822070","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"df606134-01fc-44e2-9fe5-698c70bc9b0f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c40cc75a-8507-5051-b5b9-e1a980df539d","name":"JumbledPath","type":"malware","source":"MITRE","software_attack_id":"S1206","tidal_id":"c40cc75a-8507-5051-b5b9-e1a980df539d","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"[[Cisco Salt Typhoon FEB 2025](https://app.tidalcyber.com/references/9e862514-c8ff-5125-9762-2fb9fafb5625)]","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f66f2d46-b54c-4343-8224-22ed02eb165e","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"c02ade32-d063-5b37-b598-80c09321184a","name":"Kapeka","type":"malware","source":"MITRE","software_attack_id":"S1190","tidal_id":"c02ade32-d063-5b37-b598-80c09321184a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d42ca72c-2dab-56da-af37-959d40ad68ef","name":"KnuckleTouch","description":"[[Microsoft KnuckleTouch 
2024](https://app.tidalcyber.com/references/b4b71551-45a7-50eb-891f-0f3df592f316)]","source":"MITRE","associated_software_id":"d854b855-c1a4-46d6-9a3b-d7cafcff526c","owner_id":null,"owner_name":null}],"groups":[{"description":"[Kapeka](https://app.tidalcyber.com/software/c02ade32-d063-5b37-b598-80c09321184a) is associated with [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) operations and previous malware variants such as [GreyEnergy](https://app.tidalcyber.com/software/f646e7f9-4d09-46f6-9831-54668fa20483).[[Microsoft KnuckleTouch 2024](https://app.tidalcyber.com/references/b4b71551-45a7-50eb-891f-0f3df592f316)][[WithSecure Kapeka 2024](https://app.tidalcyber.com/references/0160d4fa-0a68-5310-a96f-840748d63acf)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"a8a58d9f-e94f-4cf9-ae13-f807c5b76fa2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ca883d21-97ca-420d-a66b-ef19a8355467","name":"KARAE","type":"malware","source":"MITRE","software_attack_id":"S0215","tidal_id":"1264fdbf-145c-5581-838f-cb6897b43b6b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT37 Feb 
2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1896b9c9-a93e-4220-b4c2-6c4c9c5ca297","name":"Kasidet","type":"malware","source":"MITRE","software_attack_id":"S0088","tidal_id":"b182ee0a-657a-5b5d-9864-a75463fb0f76","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"0cce10f0-ab7b-49c4-8c79-b3ca3f51e64f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e93990a0-4841-4867-8b74-ac2806d787bf","name":"Kazuar","type":"malware","source":"MITRE","software_attack_id":"S0265","tidal_id":"03ee22b2-7b03-58e5-b29c-25b176d27bcf","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 Kazuar May 2017](https://app.tidalcyber.com/references/07e64ee6-3d3e-49e4-bb06-ff5897e26ea9)][[Talos TinyTurla September 2021](https://app.tidalcyber.com/references/94cdbd73-a31a-4ec3-aa36-de3ea077c1c7)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"fc48c33f-b49c-4e3c-ba45-322b79dc70e2","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"17c28e46-1005-4737-8567-d4ad9f1aefd1","name":"Kerrdown","type":"malware","source":"MITRE","software_attack_id":"S0585","tidal_id":"e697a328-f969-5358-855f-b6ee3aa4294e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Amnesty Intl. 
Ocean Lotus February 2021](https://app.tidalcyber.com/references/a54a2f68-8406-43ab-8758-07edd49dfb83)][[Unit 42 KerrDown February 2019](https://app.tidalcyber.com/references/bff5dbfe-d080-46c1-82b7-272e03d2aa8c)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"672411d8-6b4e-400c-8ee9-7455c3409585","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"32f1e0d3-753f-4b51-aec5-cfaa393cedc3","name":"Kessel","type":"malware","source":"MITRE","software_attack_id":"S0487","tidal_id":"277457f4-d509-583c-8d78-52dd9a520790","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"b9730d7c-aa57-4d6f-9125-57dcb65b02e0","name":"Kevin","type":"malware","source":"MITRE","software_attack_id":"S1020","tidal_id":"290ec14a-914e-5fb1-864c-3e8030cb6de2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6ec39371-d50b-43b6-937c-52de00491eab","name":"KeyBoy","type":"malware","source":"MITRE","software_attack_id":"S0387","tidal_id":"e4f1836c-15d9-5286-a626-f28b6035317a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 Tropic Trooper Nov 2016](https://app.tidalcyber.com/references/cad84e3d-9506-44f8-bdd9-d090e6ce9b06)][[CitizenLab Tropic Trooper Aug 2018](https://app.tidalcyber.com/references/5c662775-9703-4d01-844b-40a0e5c24fb9)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic 
Trooper","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"aefbe6ff-7ce4-479e-916d-e8f0259d81f6","name":"Keydnap","type":"malware","source":"MITRE","software_attack_id":"S0276","tidal_id":"5a04bfc0-352f-5bae-9578-239436e70a5c","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"07ba0d37-1346-40dc-9302-2f0a11df801b","name":"OSX/Keydnap","description":"[[OSX Keydnap malware](https://app.tidalcyber.com/references/d43e0dd1-0946-4f49-bcc7-3ef38445eac3)]","source":"MITRE","associated_software_id":"115076c8-07e5-4bb3-8951-0a1a57666b17","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"a644f61e-6a9b-41ab-beca-72518351c27f","name":"KEYMARBLE","type":"malware","source":"MITRE","software_attack_id":"S0271","tidal_id":"478647b6-f5c1-5657-95ba-d51a2a6e4bd5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[US-CERT KEYMARBLE Aug 2018](https://app.tidalcyber.com/references/b30dd720-a85d-4bf5-84e1-394a27917ee7)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ba9e56b9-7904-5ec8-bb39-7f82f7b2e89a","name":"KEYPLUG","type":"malware","source":"MITRE","software_attack_id":"S1051","tidal_id":"e71b2655-3673-578d-b88d-2ba4998913dc","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"596141b0-1434-5db7-b6aa-b38ba7fd557f","name":"KEYPLUG.LINUX","description":"[[Mandiant APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]","source":"MITRE","associated_software_id":"a649459f-dd6d-424f-87c4-aeb8412ca6f6","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Mandiant 
APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c1e1ab6a-d5ce-4520-98c5-c6df41005fd9","name":"KGH_SPY","type":"malware","source":"MITRE","software_attack_id":"S0526","tidal_id":"a7a5865c-3118-5941-b429-9c24f3090e78","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason Kimsuky November 2020](https://app.tidalcyber.com/references/ecc2f5ad-b2a8-470b-b919-cb184d12d00f)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b5532e91-d267-4819-a05d-8c5358995add","name":"KillDisk","type":"malware","source":"MITRE","software_attack_id":"S0607","tidal_id":"35cb777c-8f76-5c85-9e46-662cc15f490b","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ce9ccd1f-884b-4cd1-9f8b-94a2dafb79ed","name":"Win32/KillDisk.NBI","description":"","source":"MITRE","associated_software_id":"12213e6d-72a5-447e-9e19-2a7eb7e2d81c","owner_id":null,"owner_name":null},{"id":"0f8c5522-3cd2-4aea-bbc7-6ba33ab37514","name":"Win32/KillDisk.NBH","description":"","source":"MITRE","associated_software_id":"f716a88b-4693-4d43-97b0-c5603202d586","owner_id":null,"owner_name":null},{"id":"f4b77018-2523-4408-a2b0-601d13d642d1","name":"Win32/KillDisk.NBD","description":"","source":"MITRE","associated_software_id":"4b3409dd-72c5-4808-9d11-7806955a7231","owner_id":null,"owner_name":null},{"id":"ccd8e126-f0e0-4587-9ee8-4ac697086e9e","name":"Win32/KillDisk.NBC","description":"","source":"MITRE","associated_software_id":"c0b27dd0-0895-4ddb-97da-2d55f2c22ca6","owner_id":null,"owner_n
ame":null},{"id":"de61a923-4ed1-4f83-97dd-2f98c2bda21f","name":"Win32/KillDisk.NBB","description":"","source":"MITRE","associated_software_id":"df0e171c-ed35-4f1d-9ded-a16e58383bd7","owner_id":null,"owner_name":null}],"groups":[{"description":"[[ESET Lazarus KillDisk April 2018](https://app.tidalcyber.com/references/454704b7-9ede-4d30-acfd-2cf16a89bcb3)]","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)][[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"15c70382-d290-4419-94ff-1f6124255c89","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"fa85f93a-7617-445d-9167-c858e6196524","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"99b1c09c-d329-4a8b-ab18-8fe61b85def1","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"64507423-2b90-4af1-8341-fdb95b01b620","name":"KillSec Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3413","tidal_id":"ba53bdd4-e0bf-535b-8f25-529cc9573760","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cyber Express KillSec June 26 2024](/references/9afb764a-84fb-4fea-b925-d7d36a24ac14)]","group_attack_id":"G3065","group_id":"0ed0c954-780d-46a7-a955-f1f4dc91f0ac","name":"KillSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"759a893c-8937-4135-98c3-d081b8f32d37","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"2cf89908-2e3f-4924-bef7-2bc799f84b67","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"dcf015e1-3f8c-4a74-8b9b-8c9cb932af5f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"7b4f157c-4b34-4f55-9c20-ff787495e9ba","name":"Kinsing","type":"malware","source":"MITRE","software_attack_id":"S0599","tidal_id":"2e4660b8-ab2d-5c62-aa1e-6465b461e1ab","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"}],"associated_software":[],"groups":[],"tags":[{"id":"fd6d3de1-4c74-48b4-a41b-6d55036752bf","tag":"efa33611-88a5-40ba-9bc4-3d85c6c8819b"},{"id":"9a4e40ec-0eed-4de2-b6c1-2a775c764501","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"}],"owner_name":null},{"id":"673ed346-9562-4997-80b2-e701b1a99a58","name":"Kivars","type":"malware","source":"MITRE","software_attack_id":"S0437","tidal_id":"76d490cf-e280-5b1f-9b15-d1e1b1766086","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro BlackTech June 2017](https://app.tidalcyber.com/references/abb9cb19-d30e-4048-b106-eb29a6dad7fc)][[Symantec Palmerworm Sep 2020](https://app.tidalcyber.com/references/84ecd475-8d3f-4e7c-afa8-2dff6078bed5)]","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"5e981594-d00a-4c7f-8ed0-3d4a60cc3fcd","name":"Koadic","type":"tool","source":"MITRE","software_attack_id":"S0250","tidal_id":"37eb3f69-5ad4-5bf2-b18c-b450176da50e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Reaqta MuddyWater November 
2017](https://app.tidalcyber.com/references/ecd28ccf-edb6-478d-a8f1-da630df42127)][[TrendMicro POWERSTATS V3 June 2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Palo Alto Sofacy 06-2018](https://app.tidalcyber.com/references/a32357eb-3226-4bee-aeed-d2fbcfa52da0)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ATT Sidewinder January 2021](https://app.tidalcyber.com/references/d6644f88-d727-4f62-897a-bfa18f86380d)]","group_attack_id":"G0121","group_id":"44f8bd4e-a357-4a76-b031-b7455a305ef0","name":"Sidewinder","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b3b720e1-e2e0-457f-bee1-0f3407fe92f8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"2c6f0e76-098e-4ad5-b5c1-06f0d2dfc19e","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"bf918663-90bd-489e-91e7-6951a18a25fd","name":"Kobalos","type":"malware","source":"MITRE","software_attack_id":"S0641","tidal_id":"a974c73f-14eb-55af-b49e-bba073fad48d","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"3e13d07d-d9e1-4456-bec3-b2375e404753","name":"KOCTOPUS","type":"malware","source":"MITRE","software_attack_id":"S0669","tidal_id":"c45f4070-551c-52d2-ad59-057871bf7b96","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[M
alwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2cf1be0d-2fba-4fd0-ab2f-3695716d1735","name":"Komplex","type":"malware","source":"MITRE","software_attack_id":"S0162","tidal_id":"2dbbbf71-5ef6-5a08-a991-b9d42e8f7b60","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"[[XAgentOSX 2017](https://app.tidalcyber.com/references/2dc7a8f1-ccee-46f0-a995-268694f11b02)][[Sofacy Komplex Trojan](https://app.tidalcyber.com/references/a21be45e-26c3-446d-b336-b58d08df5749)][[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3067f148-2e2b-4aac-9652-59823b3ad4f1","name":"KOMPROGO","type":"malware","source":"MITRE","software_attack_id":"S0156","tidal_id":"ac90744c-80fb-50cc-a8d5-4eddf4b4bd70","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT32 May 
2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d381de2a-30cb-4d50-bbce-fd1e489c4889","name":"KONNI","type":"malware","source":"MITRE","software_attack_id":"S0356","tidal_id":"d6f65ef6-cde5-5e4b-9f20-0a25a84fc947","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"e721b206-83e8-4a85-b369-bd5ea38ffb9c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d09c4459-1aa3-547d-99f4-7ac73b8043f0","name":"KOPILUWAK","type":"malware","source":"MITRE","software_attack_id":"S1075","tidal_id":"96a9a80b-57a0-558f-bb65-cb1645e751d3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant Suspected Turla Campaign February 2023](https://app.tidalcyber.com/references/d8f43a52-a59e-5567-8259-821b1b6bde43)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a23fb127-929a-432d-be80-c14700f4bfaa","name":"Kubo Injector","type":"tool","source":"Trellix TIG","software_attack_id":"S3461","tidal_id":"3fd486ca-770c-54ef-8921-e55941b66894","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"35ac4018-8506-4025-a9e3-bd017700b3b3","name":"Kwampirs","type":"malware","source":"MITRE","software_attack_id":"S0236","tidal_id":"2aa6760d-2fcd-5368-8b6f-d323b9e5890f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2a760071-4fed-4df8-b7e9-fa7b606702ff","name":"Ladon 911","type":"tool","source":"Tidal Cyber","software_attack_id":"S3433","tidal_id":"12350664-fe2b-512a-a0f6-96d414d4eed2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"9277bfb7-71b4-48ad-95f9-bce5fa5defa1","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"406b5cd9-49a7-4d91-ae48-f80b12548c31","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"958d35df-1d33-4ded-8589-5f2115fbbc41","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b95f1097-1b6a-4e6a-8616-c364c87214aa","tag":"09de661e-60c4-43fb-bfef-df017215d1d8"},{"id":"ae3d673e-c982-4d5f-a46e-05aaed229e67","tag":"c2380542-36f2-4922-9ed2-80ced06645c9"},{"id":"a1fcbc65-3698-45a4-bd2a-87594175219b","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"0d3be9a7-0e12-46e1-92e4-eca1de512bec","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"f79e9068-ab74-4821-abcd-7fddd6ea229d","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"413585a2-00d1-532d-953a-bc5c86f4767f","name":"Latrodectus","type":"malware","source":"MITRE","software_attack_id":"S1160","tidal_id":"413585a2-00d1-532d-953a-bc5c86f4767f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"785c630f-853c-5487-aa67-a21f513c08a3","name":"IceNova","description":"[[Bleeping Computer Latrodectus April 2024](https://app.tidalcyber.com/references/b138b07e-d68b-5f68-ba74-ddd7bb654fa6)]","source":"MITRE","associated_software_id":"62c29157-857d-4bdb-911d-81370cccd516","owner_id":null,"owner_name":null},{"id":"63b5d17b-48e5-5848-a076-ffca80bbaa09","name":"Unidentified 111","description":"[[Bleeping Computer Latrodectus April 2024](https://app.tidalcyber.com/references/b138b07e-d68b-5f68-ba74-ddd7bb654fa6)]","source":"MITRE","associated_software_id":"0268cb50-549e-46fd-909e-49bf4049806e","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Latrodectus APR 2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Latrodectus APR 
2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)][[Bitsight Latrodectus June 2024](https://app.tidalcyber.com/references/9a942e75-3541-5b8d-acde-8f2a3447184a)]","group_attack_id":"G1038","group_id":"b47551ba-8036-5527-abba-fed787c854a5","name":"TA578","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[EclecticIQ August 16 2024](/references/79e0a74f-799f-445e-a677-cc08e66f3113)]","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c0cde451-f64a-4d34-8136-00954ad1b08f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"288b2ab2-255a-457a-a6eb-02ee4711d6b8","name":"Launch-VsDevShell","type":"tool","source":"Tidal Cyber","software_attack_id":"S3379","tidal_id":"7e5f0221-69a7-53b5-ade9-7afe83ede1a7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d1d035ea-1d90-45dd-9ff0-0536dd045a51","name":"Launch-VsDevShell.ps1","description":"[[Launch-VsDevShell.ps1 - LOLBAS Project](/references/6e81ff6a-a386-495e-bd4b-cf698b02bce8)]","source":"Tidal 
Cyber","associated_software_id":"b7501271-0611-44a6-b8ee-844345798754","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a21a9009-2078-456e-8b0d-a964b8f0ba51","tag":"5be0da70-9249-44fa-8c3b-7394ef26b2e0"},{"id":"d8f4b8a3-48e5-43d8-87e9-4d39f22fee0d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a8450ac3-2279-4aec-b534-a72194cecff3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f5558af4-e3e2-47c2-b8fe-72850bd30f37","name":"LaZagne","type":"tool","source":"MITRE","software_attack_id":"S0349","tidal_id":"10f8488d-3635-5f0a-a066-4765138009dd","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant ALPHV Affiliate April 3 2023](/references/b8375832-f6a9-4617-a2ac-d23aacbf2bfe)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Talos Phobos November 17 2023](/references/c049d198-efd0-40e2-a675-cf099b8211b3)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ThreatDown RansomHub September 9 2024](/references/34422e6e-0e79-48ba-a942-9816e9b4ee7c)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET EvilNum July 2020](https://app.tidalcyber.com/references/6851b3f9-0239-40fc-ba44-34a775e9bd4e)]","group_attack_id":"G0120","group_id":"4bdc62c9-af6a-4377-8431-58a6f39235dd","name":"Evilnum","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec MuddyWater Dec 2018](https://app.tidalcyber.com/references/a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d)][[TrendMicro POWERSTATS V3 June 2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Leafminer July 2018](https://app.tidalcyber.com/references/01130af7-a2d4-435e-8790-49933e041451)]","group_attack_id":"G0077","group_id":"b5c28235-d441-40d9-8da2-d49ba2f2568b","name":"Leafminer","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ATT TeamTNT Chimaera September 2020](https://app.tidalcyber.com/references/5d9f402f-4ff4-4993-8685-e5656e2f3aff)]","group_attack_id":"G0139","group_id":"325c11be-e1ee-47db-afa6-44ac5d16f0e7","name":"TeamTNT","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) can obtain credential information using 
[LaZagne](https://app.tidalcyber.com/software/f5558af4-e3e2-47c2-b8fe-72850bd30f37).[[MSTIC Octo Tempest Operations October 2023](https://app.tidalcyber.com/references/92716d7d-3ca5-5d7a-b719-946e94828f13)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Arctic Wolf Akira 2023](https://app.tidalcyber.com/references/aa34f2a1-a398-5dc4-b898-cdc02afeca5d)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT35 2018](https://app.tidalcyber.com/references/71d3db50-4a20-4d8e-a640-4670d642205c)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Buckeye](https://app.tidalcyber.com/references/dbf3ce3e-bcf2-4e47-ad42-839e51967395)]","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro Tonto Team October 2020](https://app.tidalcyber.com/references/140e6b01-6b98-4f82-9455-0c84b3856b86)]","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky Cloud Atlas August 2019](https://app.tidalcyber.com/references/4c3ae600-0787-4847-b528-ae3e8ff1b5ef)]","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec 
Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"5449f49f-cede-465e-947b-e7afd66844ab","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"ddf89a40-1130-4e80-8989-5528bd44483a","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"61862fd5-6329-4c25-93f1-08059da78e1d","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"0cf96078-8184-4f4e-b698-73bf43fb9955","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"d0b2fa92-7bf3-4fd6-a666-c19c92966fed","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"065615f5-8e33-43f2-bdf9-b98961228ef1","tag":"26c5dec7-3184-4873-ae20-9558a498a27f"},{"id":"72976229-854d-4e7c-a920-26b3b69fdba6","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a3ce494a-f725-435f-a35e-df1958ee3e59","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"cdae1204-231d-4a7e-8308-1c44713d7195","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"7cc2d5bc-8c6c-4482-a35b-ddb71194c018","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"0af122b0-43e0-4b9a-839f-d7d294cfe7f7","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"994f3aee-b351-489f-b871-dcdb0f76eb79","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"172c3c53-b57d-4859-a56c-bb27c3f490af","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"e9e77c93-6a8f-4ba4-8742-5d1c35ba2a64","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"bf716a54-6884-400a-b41b-e4b295e8557e","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":null},{"id":"d0ff555f-ba74-457c-b6e4-02962c230b60","name":"Ldifde","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3240","tidal_id":"5fa5cbb9-4515-5bb0-ab66-cca0d88f5e99","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e35b1b7d-6a90-4758-9b38-d6f08fed6726","name":"Ldifde.exe","description":"[[Ldifde.exe - LOLBAS Project](/references/45d41df9-328c-4ea3-b0fb-fc9f43bdabe5)]","source":"Tidal Cyber","associated_software_id":"6c55efe5-a5d3-411d-8993-697f2fc91144","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bc0a2423-d406-44b9-a6f7-202d46ba08c8","tag":"cea43301-9f7a-46a5-be3a-3a09f0f3c09e"},{"id":"5485fd07-f4a4-49ea-a63e-dc8b35dd99c3","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"8e902b51-d07f-4e69-babf-7a8053085d91","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"ace92f1c-00aa-4abf-bbd5-c57df3afed39","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"94e612b8-ada7-4d4f-8ca3-433a7b21a417","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"732861ed-a641-463b-affa-d720c39ba202","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"c7a5fbbd-a4e0-429d-b2ed-13a1fa3bc4cc","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5357c878-b90b-47cb-86b6-311089db8ccc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d5d79a51-3756-40de-81cd-4dac172fbb74","name":"LEMURLOOT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3022","tidal_id":"df0cdd73-78ff-5463-a919-34ee38228776","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant MOVEit Transfer June 2 
2023](/references/232c7555-0483-4a57-88cb-71a990f7d683)]","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3a41d379-966a-4b94-b49d-71bd76bee4aa","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"e1dd6770-1e4b-4124-be79-a2854bc4de83","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"edda33bd-afb6-4d24-aba3-5e09188acc34","tag":"173e1480-8d9b-49c5-854d-594dde9740d6"},{"id":"e2679018-189c-4e39-9400-0acbf3f51b2a","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"bce485ad-7d4f-45b6-b3c1-218f2f757611","name":"Level","type":"tool","source":"Tidal Cyber","software_attack_id":"S3092","tidal_id":"e8c8bf76-1a88-58e0-a1b9-79321123406e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a8fb8466-5721-4b25-9f8a-a979d8906b0c","name":"Level Remote Management","description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","source":"Tidal Cyber","associated_software_id":"de43630e-5949-4c69-ab58-9e3d44a72386","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"1c96db74-8cd0-41d5-8fcc-64c745e30d59","name":"Level.io","description":"[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","source":"Tidal Cyber","associated_software_id":"d24d63ab-a1b5-4e20-9e60-f2df8fba9cb7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9ac3f8fe-554c-4fe2-80c1-1601f2c59e3a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"71db6881-07ed-4f82-bac6-973581f4b645","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2ef409e3-56b5-4f74-9bbb-0e3f6d23e555","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e13bc847-3075-40de-bce0-8d20d0b6698c","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"c9d2f023-d54b-4d08-9598-a42fb92b3161","name":"LightNeuron","type":"malware","source":"MITRE","software_attack_id":"S0395","tidal_id":"7bf51d90-6cff-5558-8108-c1a6f4c3479e","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET LightNeuron May 2019](https://app.tidalcyber.com/references/679aa333-572c-44ba-b94a-606f168d1ed2)][[Secureworks IRON HUNTER 
Profile](https://app.tidalcyber.com/references/af5cb7da-61e0-49dc-8132-c019ce5ea6d3)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"cf89306c-8526-4363-b133-3d35a93e4e47","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ea7435b5-bb56-5ee1-ac2e-256aec44ae47","name":"LightSpy","type":"malware","source":"MITRE","software_attack_id":"S1185","tidal_id":"ea7435b5-bb56-5ee1-ac2e-256aec44ae47","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MelikovBlackBerry LightSpy 2024](https://app.tidalcyber.com/references/633f7a09-721f-5e16-ba3b-0b1802a41852)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d6b06974-94e8-49e0-a9f6-a12be847c59e","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"1b3af76f-f9a1-58ce-8c7d-aec535f8d0c0","name":"LIGHTWIRE","type":"malware","source":"MITRE","software_attack_id":"S1119","tidal_id":"62cc899d-e658-5d1d-9f9e-7d628fcf1299","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"3113cb05-23b4-4f90-ab7a-623b800302ce","name":"Ligolo","type":"tool","source":"Tidal Cyber","software_attack_id":"S3036","tidal_id":"fa4049aa-7672-5cdd-a290-dd7e22ca8d93","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Pioneer Kitten August 28 2024](/references/783f4aee-84d9-43dc-accc-99fee6b1ff92)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant ALPHV Affiliate April 3 2023](/references/b8375832-f6a9-4617-a2ac-d23aacbf2bfe)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET APT Activity Report Q4 2023-Q1 2024](/references/896cc899-b667-4f9d-ba90-8650fb978535)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b9095d5e-e113-4991-9f43-5ddea4a836a9","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"c854f0f5-c31e-461e-8290-47f256b586b8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"7573c542-11f2-4786-8158-7211311e0e10","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"108ffede-85d1-4983-aa7f-a72ca9ae8fea","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"4bf0544c-e33b-4a27-9060-0b98178fd263","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1ef8b460-39a0-4dd7-80fd-90f9cf0ede77","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"3976d92f-6c2e-42ad-a5fa-5d974c1179ae","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"664f561b-88e2-41f5-be7b-6f6f5af756cc","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"f61f7336-5586-4ceb-852f-d2f86cf4a05d","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"22b4ffc9-e471-4d85-9ed5-f65906b08480","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"91d7e296-234c-4d23-84c6-44494c20788b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"e0fbacdf-ef3c-41d3-8273-cdedf91693de","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"4b345932-4003-4f19-b490-ede26e82038a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9781f766-1afc-517b-9b3e-1cbeed9c556e","name":"Line 
Dancer","type":"malware","source":"MITRE","software_attack_id":"S1186","tidal_id":"9781f766-1afc-517b-9b3e-1cbeed9c556e","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"25999b5a-d111-4e14-91a9-9a8a32d9f6e7","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"fe0446e8-5af8-4a77-81af-5fdb310a2942","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"301950ef-fa98-4e94-a60d-5d34aed2d3a7","tag":"6bb2f579-a5cd-4647-9dcd-eff05efe3679"},{"id":"65a20b48-24d3-4172-bf51-36091387da9e","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"132e109e-9673-4d72-8fa8-e597e838e1f6","tag":"9768aada-9d63-4d46-ab9f-d41b8c8e4010"},{"id":"9aae5a8f-2ec2-43f8-9606-597277f22db4","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"}],"owner_name":null},{"id":"80412b83-74e4-4bea-b05b-84b00f41db69","name":"Line Dancer (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3132","tidal_id":"7193fbc2-213f-56a1-ace0-d0d5fcef4d40","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"c73f7632-101f-4406-b0f2-55758c403859","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"a24bd0b6-bdfd-4fbf-94e2-6547f2aee0ae","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"d3388b1f-86eb-4b4d-8571-93038b8f3552","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"cb921641-3171-48ac-aaf7-73edb5be5c7a","tag":"6bb2f579-a5cd-4647-9dcd-eff05efe3679"},{"id":"783e19ad-bf4b-4b43-bfd6-539c38011433","tag":"9768aada-9d63-4d46-ab9f-d41b8c8e4010"},{"id":"e8bb7716-0189-4590-acfb-0e8f912aeabc","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"}],"owner_name":"TidalCyberIan"},{"id":"dd98310f-9824-5c75-944f-79b5eabbfe58","name":"Line 
Runner","type":"malware","source":"MITRE","software_attack_id":"S1188","tidal_id":"dd98310f-9824-5c75-944f-79b5eabbfe58","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"81ffd154-8288-447d-9cfb-b9238616b25b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"d1fc310c-243e-4261-986b-d0cc7b8cabd5","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"268bc508-2039-43f6-9e6c-886592014883","tag":"c25f341a-7030-4688-a00b-6d637298e52e"},{"id":"c144d322-1851-498d-9072-aeb1fa36626e","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"06f6a13d-a7d0-41f6-8a67-1527fe1f7ed5","tag":"9768aada-9d63-4d46-ab9f-d41b8c8e4010"},{"id":"a3d10ff3-e260-4f09-a847-ba5f77085943","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"4f04e338-4ebb-4a98-af5f-0ce52026fb80","tag":"2e85babc-77cd-4455-9c6e-312223a956de"}],"owner_name":null},{"id":"60bb6282-9eb8-4640-9d79-69c0c8ee0e0b","name":"Line Runner (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3133","tidal_id":"df6be616-ae62-5cdc-837a-b1f293b61cf6","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"470bbad4-d203-4a4d-9bb8-69bee539b1b9","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"faf758e2-280a-4bd8-8e7a-c6fe92860a0c","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"50fb1578-0f6f-42ca-8ce5-360623a004c0","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"062e97e0-f710-4fab-8b7b-2e603a0dc7f8","tag":"c25f341a-7030-4688-a00b-6d637298e52e"},{"id":"b0a90f1c-f3fd-4004-ab56-5ea9749ff770","tag":"9768aada-9d63-4d46-ab9f-d41b8c8e4010"},{"id":"aee27d84-f690-4f73-a0a5-f404f4aa305a","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"aa035ea3-12ac-45b4-9d83-95ac5f1daced","tag":"2e85babc-77cd-4455-9c6e-312223a956de"}],"owner_name":"TidalCyberIan"},{"id":"925975f8-e8ff-411f-a40e-f799968046f7","name":"Linfo","type":"malware","source":"MITRE","software_attack_id":"S0211","tidal_id":"0fcc7cd5-300f-5be0-9735-8ef367ad3177","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a09cedf5-885d-4ddf-a8c4-c236a5df90cf","name":"LinPEAS","type":"tool","source":"Tidal Cyber","software_attack_id":"S3443","tidal_id":"21df948d-1067-5de0-b0a3-8659fad5590a","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[CSRB LAPSUS$ July 24 
2023](/references/f8311977-303c-4d05-a7f4-25b3ae36318b)]","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Crowdstrike TELCO BPO Campaign December 2022](/references/382785e1-4ef3-506e-b74f-cd07df9ae46e)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"203fa1d1-8e53-4cc9-8533-ff0353a30512","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"0874966b-62c3-4e37-b172-892f6fb9979b","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"1c2d83b2-e5d8-4432-818c-c7a8a4887bdd","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a6a62b55-f335-4075-8762-d9d48881e425","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"906529bc-249f-4440-835f-11c6c3060271","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"be3277a9-0177-495d-ac88-cfa60c3812c6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"51fd3285-6b3c-4190-912d-381ab6be29f0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d017e133-fce9-4982-a2df-6867a80089e7","name":"Linux 
Rabbit","type":"malware","source":"MITRE","software_attack_id":"S0362","tidal_id":"1daa0ab5-7e88-543b-832b-033935cc0d36","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"1b89b3a7-5412-41c6-b775-5365083c4a39","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"90c3c130-22df-46d9-9b82-125b8ff27346","tag":"70dc52b0-f317-4134-8a42-71aea1443707"}],"owner_name":null},{"id":"71e4028c-9ca1-45ce-bc44-98209ae9f6bd","name":"LiteDuke","type":"malware","source":"MITRE","software_attack_id":"S0513","tidal_id":"502b6b47-a650-5714-88d7-ec6fe23a08dd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)][[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"aae51ff9-1f23-4635-ab34-27cede1cf882","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"cc568409-71ff-468b-9c38-d0dd9020e409","name":"LitePower","type":"malware","source":"MITRE","software_attack_id":"S0680","tidal_id":"e3334960-0268-53be-9a57-40507885b1bd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky WIRTE November 
2021](https://app.tidalcyber.com/references/143b4694-024d-49a5-be3c-d9ceca7295b2)]","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c9c5e7ad-6e95-5d53-b4db-f6b51c7167ca","name":"LITTLELAMB.WOOLTEA","type":"malware","source":"MITRE","software_attack_id":"S1121","tidal_id":"f0a491df-2c50-5b72-9a77-f4caaa46bc3f","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"65d46aab-b3ce-4f5b-b1fc-871db2573fa1","name":"Lizar","type":"malware","source":"MITRE","software_attack_id":"S0681","tidal_id":"acbfccba-4c1c-5fe4-8e0e-a5ee5fddd741","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"59752f77-382b-4bc6-9e95-32a6db8c0e0a","name":"Tirion","description":"[[BiZone Lizar May 2021](https://app.tidalcyber.com/references/315f47e1-69e5-4dcb-94b2-59583e91dd26)][[Gemini FIN7 Oct 2021](https://app.tidalcyber.com/references/bbaef178-8577-4398-8e28-604faf0950b4)]","source":"MITRE","associated_software_id":"1eb0bda6-e564-43eb-b440-8da9ffd39909","owner_id":null,"owner_name":null},{"id":"58dbecaa-be90-4ca6-94d6-13bf22e979a2","name":"IceBot","description":"[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]","source":"Tidal Cyber","associated_software_id":"23ac6dbc-1075-4612-9afa-46d216fb696b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"e1efd315-f6de-4a5e-a1e5-e9a486c719a4","name":"DiceLoader","description":"[[Mandiant FIN7 Apr 2022](/references/be9919c0-ca52-593b-aea0-c5e9a262b570)]","source":"Tidal 
Cyber","associated_software_id":"ac708833-b07b-4453-8e94-681bceffb5a0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]","group_attack_id":"G3010","group_id":"393da13e-016c-41a3-9d89-b33173adecbf","name":"Bl00dy Ransomware Gang","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Threatpost Lizar May 2021](https://app.tidalcyber.com/references/1b89f62f-586d-4dee-b6dd-e5a5cd090a0e)][[Gemini FIN7 Oct 2021](https://app.tidalcyber.com/references/bbaef178-8577-4398-8e28-604faf0950b4)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"69d8998e-3347-48fd-a487-7bea9c78ae01","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"1fdf0472-f707-44e3-be53-831b93779a5f","tag":"992bdd33-4a47-495d-883a-58010a2f0efb"},{"id":"5a7f1dda-d61d-4a9c-b7f9-00548e3bfc97","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"2fca99a9-7088-4955-87b4-52b4d14f2ceb","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"dfd98464-9890-4e28-9c4c-63c252a68440","name":"LocalOlive","type":"malware","source":"Tidal Cyber","software_attack_id":"S3441","tidal_id":"af5e9bad-08f7-579a-a796-18c3195182f4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c71cb178-dcfd-46b3-be6d-b9432167a956","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d8f1c0de-9ab1-4c4d-9f55-a16368390688","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"},{"id":"fbcb9d61-ce50-4350-84e8-0ed0ac07d5d5","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"995bcd8e-85c3-5fb2-8e00-677a029c102a","name":"LockBit 2.0","type":"malware","source":"MITRE","software_attack_id":"S1199","tidal_id":"995bcd8e-85c3-5fb2-8e00-677a029c102a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"32a94ff1-c7f7-4249-9d89-5cf3f16ed025","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"e09a4a31-6781-43f2-b209-592ecbc95a89","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"c90dafca-b5b7-4679-bfc1-e25fed42e479","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"57c0c072-50b9-5adb-ae2e-99c5f13807d1","name":"LockBit 3.0","type":"malware","source":"MITRE","software_attack_id":"S1202","tidal_id":"57c0c072-50b9-5adb-ae2e-99c5f13807d1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1f032f33-6e3e-5c32-8eb7-08ff0eee67f0","name":"LockBit Black","description":"[[Joint Cybersecurity Advisory LockBit JUN 2023](https://app.tidalcyber.com/references/44265bd3-ae1f-5826-aee9-009432f6ab46)][[Joint Cybersecurity Advisory LockBit 3.0 MAR 2023](https://app.tidalcyber.com/references/b08902da-d993-51eb-acbf-8ac410bc6cb0)][[Sentinel Labs LockBit 3.0 JUL 
2022](https://app.tidalcyber.com/references/04c8f812-14a1-5ecd-b174-e4ae4e3e83cf)]","source":"MITRE","associated_software_id":"6dd9e252-bdd3-4d58-ae9b-86859f63d757","owner_id":null,"owner_name":null}],"groups":[{"description":"","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[SentinelOne November 25 2024](/references/71c8e60c-a72a-4bff-aae3-f3f155fa22ee)]","group_attack_id":"G3096","group_id":"82fc3514-e812-47f8-8e76-8bc5a8e3121c","name":"CyberVolk","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"643d0f2d-9689-4d38-8b4c-277f5e4467d2","tag":"b5536626-d6ba-40cf-a3a2-17b9cd8eb0f5"},{"id":"7acd993e-0be3-4a94-b5e7-9aa7fdca1644","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"5ee6c496-7b65-49c9-a994-ac5c46bb57d3","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"e78b8ff0-d658-443b-a520-3cd69620ebc9","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"ae1f76b0-3564-417b-bc85-31ac5f609cf5","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"472de2f5-7f66-408a-8539-b094abe50461","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f9d4fbfd-6777-45a4-b6aa-0c9b6cf045d8","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"2e6441d8-5f52-4452-bc45-7af46cfaaae6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"c5f3505b-ccd2-40ef-8d6d-69b4d7c2124f","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"27c5ddb8-685c-41c5-91ca-f9f325a613c5","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"c82952b1-1d11-4f64-9869-fc9dc326b777","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"00e77cd6-b8c1-49bf-81c4-325ef969f305","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"f57a7a04-7b2e-473e-bb0f-ba119ac5501c","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"08c70ea5-9d4d-4146-826e-c5ebd5490378","name":"LockBit 3.0 (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3015","tidal_id":"a5c16a88-708e-59af-af39-bb9c46ada7d7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7c5ade8f-e93f-4ade-844a-84894270457a","name":"LockBit Black","description":"[[U.S. 
CISA LockBit 3.0 March 2023](/references/06de9247-ce40-4709-a17a-a65b8853758b)]","source":"Tidal Cyber","associated_software_id":"37c1fbc5-58d9-48f5-a06f-887a9d404a18","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"[[SentinelOne November 25 2024](/references/71c8e60c-a72a-4bff-aae3-f3f155fa22ee)]","group_attack_id":"G3096","group_id":"82fc3514-e812-47f8-8e76-8bc5a8e3121c","name":"CyberVolk","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"131a0449-9292-4ddf-82e9-77ef0ea93dc9","tag":"b5536626-d6ba-40cf-a3a2-17b9cd8eb0f5"},{"id":"dd41472e-f3eb-49e9-b9dd-ba851923d8cd","tag":"ba2210ad-0cf7-4a28-8d40-c1dbec5fb202"},{"id":"6039723b-d404-4746-ac91-50c2fa4e9f71","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"6e85314e-c12c-4c5b-92e0-5a1cdd3a3fd8","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"5ed7efe8-9af9-4ff8-bb11-e19ff797775b","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"b62c279c-0fe0-4d05-840b-76641db7f246","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"005ecfea-c472-4d74-957a-d0bdec9acafd","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"ac0bb9a2-9acd-4ac8-8e51-15ed7f750aeb","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"b296c1b1-ca5d-4835-8b1f-42d6c7bc05f6","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"3b5eb85d-d57f-47bc-b41c-bf906cb55ca7","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"e45e44a0-d9c2-4182-84c3-308d75d7a91b","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"ce53d561-9292-4e72-95f8-d5a100a1aaf3","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"f62a0c12-2533-4fd5-b247-b5cd3c05a0d5","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"eee76ac3-1c97-419c-b01e-66907704fd26","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"9210ff51-3696-4309-82a6-fe728d4e2a13","name":"LockBit 4.0","type":"malware","source":"Tidal Cyber","software_attack_id":"S3456","tidal_id":"cb90f163-f7f2-5069-b4f5-e8a4f1298d48","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Chuong Dong March 15 2025](/references/a49936db-f04e-4eeb-8bb5-d535cf7c3776)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"0b478181-3db0-459b-bb00-529e027a1392","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"d42fd728-f8a0-4e03-9fb1-2f6da5ea404c","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"72a8bd05-9395-4d41-b383-d59c2e9ce61d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2eae5f48-9474-4b4c-8d14-8ad24655b760","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"65bc8e81-0a08-49f6-9d04-a2d63d512342","name":"LockerGoga","type":"malware","source":"MITRE","software_attack_id":"S0372","tidal_id":"5eaf07c0-bfdb-5a1c-9b21-4ed1428cf1ee","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye FIN6 Apr 2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4471e557-444b-4bf2-a0dc-44c731f040bc","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"b71aaff2-b00e-4fc8-8ba3-c800d6b8a4d1","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"fc077eda-24fd-4c4a-8f76-db1bc1446d36","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"77ac7bdb-9795-4eb4-8fe6-a1ddabeb2065","name":"LODEINFO","type":"malware","source":"Tidal Cyber","software_attack_id":"S3465","tidal_id":"06683448-4986-5f2a-b237-6f28f232cb0a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET MirrorFace December 14 2022](/references/e1896c15-8f19-43e4-96b0-cfd442966b28)]","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"4b860870-ebfe-4f0d-9f60-ae2f984e24be","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"51de7c91-7907-4520-9b12-d82e2f4a1241","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1bf95d37-3c4b-4e3b-ba48-6cf12c045421","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d28c3706-df25-59e2-939f-131abaf8a1eb","name":"LoFiSe","type":"malware","source":"MITRE","software_attack_id":"S1101","tidal_id":"513510b0-3400-5177-997d-9dadadd7958b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky ToddyCat Check Logs October 2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"7b471178-30a1-4c48-bbff-c4d2fdbb35a9","name":"LogMeIn","type":"tool","source":"Tidal Cyber","software_attack_id":"S3098","tidal_id":"e52d5e0d-f4c0-5166-9e1c-2cc0379e085f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7069bbbd-00ad-4118-b656-17a9db611a65","name":"Rescue","description":"","source":"Tidal Cyber","associated_software_id":"79b93082-8ee8-49c9-a5c4-4cf5309a6a5c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CSRB LAPSUS$ July 24 
2023](/references/f8311977-303c-4d05-a7f4-25b3ae36318b)]","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bc146608-e184-4b5b-956f-0ec15ede2a9d","tag":"c589aae8-7452-42a9-a9ae-5638a5ab4a12"},{"id":"5ecbd6cf-8505-47da-ac3e-d2f04a926131","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c726e608-e00b-4b13-a463-b1048d61676e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"11d861ad-8d57-46f5-b84e-1ac8bda78642","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"9d13e5c9-b9cb-413c-a306-75344e9214f8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"7af68a66-26e7-4f35-b4a0-4f2bcb322305","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"039f34e9-f379-4a24-a53f-b28ba579854c","name":"LoJax","type":"malware","source":"MITRE","software_attack_id":"S0397","tidal_id":"7033bb61-eab2-58bc-8d22-5eb4e616a184","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET LoJax Sept 
2018](https://app.tidalcyber.com/references/bb938fea-2b2e-41d3-a55c-40ea34c00d21)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"aed4e691-78b1-43b6-82f6-c93c7dcedc76","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":null},{"id":"4fead65c-499d-4f44-8879-2c35b24dac68","name":"Lokibot","type":"malware","source":"MITRE","software_attack_id":"S0447","tidal_id":"4178896e-9633-5dc0-933a-4c8f261cac3b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit42 SilverTerrier 2018](https://app.tidalcyber.com/references/59630d6e-d034-4788-b418-a72bafefe54e)]","group_attack_id":"G0083","group_id":"e47ae2a7-d34d-4528-ba67-c9c07daa91ba","name":"SilverTerrier","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"15df91be-875a-4b20-8a89-17e2cdb588aa","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"bfd2a077-5000-4500-82c4-5c85fb98dd5a","name":"LookBack","type":"malware","source":"MITRE","software_attack_id":"S0582","tidal_id":"d7129ef6-8722-530f-a7fd-63ca1ef22c04","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"3b1e04c9-3cea-4aba-ae48-d4ddf52966a6","name":"LOOKOVER","type":"malware","source":"Trellix TIG","software_attack_id":"S3429","tidal_id":"9fc09ad5-6064-5212-865e-6f303190aa4f","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"0a2b5329-a9ce-4899-87a6-ba98c77ab9e1","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"41041d5d-0866-4a57-92b7-d075d8b344ad","name":"LostMyPassword","type":"tool","source":"Tidal Cyber","software_attack_id":"S3037","tidal_id":"9101cd23-42a6-509d-98a6-98e45962a9d7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"17b4cf26-36c3-47af-a3bb-e6c3a84a2ab9","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e0d274ed-26b7-4740-8b63-874f14b72858","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"56e29dc5-71cc-4f56-8bea-c2ce8d732180","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"2ce11cbf-5063-49c3-ba61-9804761f9fd8","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"67f0b82d-3b09-478d-af35-f4c52c39b309","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"5dfb0df1-27ca-4e31-8a7a-53bdee783822","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"e3d83f3d-f327-44c0-85c8-83e777c5a0ce","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"8b65094a-b1bd-45e0-8887-2f0c115f9b93","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"09eb402e-37fe-4b19-9ce7-e1ff204ef094","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"698483b7-26cf-42b4-abeb-870f628d2842","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"e2fbefb2-7ca9-41d0-baa7-b9e41661c1ea","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f503535b-406c-4e24-8123-0e22fec995bb","name":"LoudMiner","type":"malware","source":"MITRE","software_attack_id":"S0451","tidal_id":"1f619481-55ca-5c1b-9411-1b3a3f43534a","platfor
ms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"fce1117a-e699-4aef-b1fc-04c3967acc33","name":"LOWBALL","type":"malware","source":"MITRE","software_attack_id":"S0042","tidal_id":"c39fa890-514e-5255-92d8-129c6dc98eaf","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"37a5ae23-3da5-4cbc-a21a-a7ef98a3b7cc","name":"Lslsass","type":"tool","source":"MITRE","software_attack_id":"S0121","tidal_id":"ae5937a2-47a2-5573-8125-9eef24025f10","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ba1f4830-2332-4a61-923a-8ebd970589e0","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"723d9a27-74fd-4333-a8db-63df2a8b4dd4","name":"Lucifer","type":"malware","source":"MITRE","software_attack_id":"S0532","tidal_id":"77e41a5c-bc96-584b-8e7e-d133b8834570","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"974c2bfd-964c-42a9-b5ce-d7827e012ddf","tag":"62bde669-3020-4682-be68-36c83b2588a4"}],"owner_name":null},{"id":"5a1c6cd5-a6f2-4545-8b33-97f97b5fa34f","name":"Lumar Stealer","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3400","tidal_id":"faef662b-d965-5c73-a751-95c488547456","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f91bc26f-bb53-42bf-af9f-b754e13f1b7b","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"3bf075a0-5335-4754-9164-95b1dd7b9a1e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"feb18b36-5c8c-43ca-8114-886c380b74dd","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"81bcfedd-3e9f-5023-8021-2251e8f06636","name":"Lumma Stealer","type":"malware","source":"MITRE","software_attack_id":"S1213","tidal_id":"81bcfedd-3e9f-5023-8021-2251e8f06636","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d1103798-b022-4637-a647-dd741599139e","name":"LummaC2","description":"[[SpyCloud Stealers Chrome Bypass October 2 2024](/references/9e680ab4-5d8d-46a1-a1e8-2ca2914bb93f)]","source":"Tidal Cyber","associated_software_id":"2413da2c-21e3-4179-bbb3-ccf1be5bb052","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"d96bb3f5-16a7-5298-bc36-820af6aba819","name":"LummaStealer","description":"[[Cybereason LumaStealer Undated](https://app.tidalcyber.com/references/3e299bbd-ef03-517a-95a6-4cbfb6eb2369)]","source":"MITRE","associated_software_id":"c8a1641a-5141-4221-971b-b05227068dbe","owner_id":null,"owner_name":null}],"groups":[{"description":"[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"aebb56de-142a-463f-806b-09f3c084f0d0","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"10114b66-c83a-4c5b-8eb2-093fba2d21b8","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"f4101982-091b-4365-af87-b8ff8ad7b2c8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"4b267849-bd0f-47b5-938a-1c0bd7bcfa2b","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"629afbde-c922-4556-8805-ed62e230ec21","tag":"8a6bbea2-15ab-4bf9-861a-41498939b96c"},{"id":"211f4d11-f167-43df-abbc-8f25b3afed4c","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"4d4836fb-99c9-47fe-9cf9-26dd16f15d3c","name":"Lumma Stealer (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3399","tidal_id":"2c1adfc0-5153-5e1c-85c6-efb6130c037e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a654a4d2-7215-4d3e-b4a3-9747d204a5a6","name":"LummaC2","description":"[[SpyCloud Stealers Chrome Bypass October 2 2024](/references/9e680ab4-5d8d-46a1-a1e8-2ca2914bb93f)]","source":"Tidal 
Cyber","associated_software_id":"2413da2c-21e3-4179-bbb3-ccf1be5bb052","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dcecf94b-a5c8-4ea9-a2ad-7c1c65b68712","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"23c45edb-7d18-414e-88a0-8c9817892601","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1455bd24-8c69-4713-953e-e53573cda522","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e8e81e32-27b4-5830-94cb-a07ca1124296","name":"LunarLoader","type":"malware","source":"MITRE","software_attack_id":"S1143","tidal_id":"e8e81e32-27b4-5830-94cb-a07ca1124296","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Turla Lunar toolset May 2024](https://app.tidalcyber.com/references/85040d41-b786-5b63-a510-976bc35e8fce)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"04c7172a-344f-4ade-ab74-8b132ba5c125","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"8fa2c759-a03f-5044-a125-0b66fba054de","name":"LunarMail","type":"malware","source":"MITRE","software_attack_id":"S1142","tidal_id":"8fa2c759-a03f-5044-a125-0b66fba054de","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Turla Lunar toolset May 
2024](https://app.tidalcyber.com/references/85040d41-b786-5b63-a510-976bc35e8fce)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7341de42-4f0a-4b4e-8614-3304ab51a63e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"6b231f41-51b7-5c78-afd5-6cb73a698045","name":"LunarWeb","type":"malware","source":"MITRE","software_attack_id":"S1141","tidal_id":"6b231f41-51b7-5c78-afd5-6cb73a698045","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Turla Lunar toolset May 2024](https://app.tidalcyber.com/references/85040d41-b786-5b63-a510-976bc35e8fce)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6feae264-7048-49fa-8503-039384c7df3a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"0cc9e24b-d458-4782-a332-4e4fd68c057b","name":"Lurid","type":"malware","source":"MITRE","software_attack_id":"S0010","tidal_id":"319f8bf9-5bf2-5a7d-aab1-e6a96df533fd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a33a6a59-fc2d-42bd-8555-dd696de2421f","name":"Enfal","description":"","source":"MITRE","associated_software_id":"4905b225-105e-4aec-af6e-16466cc7b717","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Villeneuve 2014](https://app.tidalcyber.com/references/a156e24e-0da5-4ac7-b914-29f2f05e7d6f)]","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f5d55fa5-afb8-46ff-b5b5-c792060fd7d3","name":"Lynx Ransomware","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3169","tidal_id":"c31819ce-65f4-516f-810c-5ac94b68e979","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"526fb9ef-0f33-42fd-b4b5-c357203c1ed6","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"fb49b111-4f36-4ce8-bec1-c5b5bb9882e4","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"51e905f3-56d7-4707-8c22-b7602a387579","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fa59e646-d6d5-4b0f-8dfa-d6caf709289c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"be8a1630-9562-41ad-a621-65989f961a10","name":"Machete","type":"malware","source":"MITRE","software_attack_id":"S0409","tidal_id":"dde289c5-34f8-5243-b5dc-c4ff1d5ebb8b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"53f691a0-57a8-4c74-a0cd-ff26db31cc2a","name":"Pyark","description":"[[360 Machete Sep 2020](https://app.tidalcyber.com/references/682c843d-1bb8-4f30-9d2e-35e8d41b1976)]","source":"MITRE","associated_software_id":"a4493a61-fd76-4668-83e3-f708beb2c553","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Securelist Machete Aug 2014](https://app.tidalcyber.com/references/fc7be240-bd15-4ec4-bc01-f8891d7210d9)][[ESET Machete July 2019](https://app.tidalcyber.com/references/408d5e33-fcb6-4d21-8be9-7aa5a8bd3385)]","group_attack_id":"G0095","group_id":"a3be79a2-3d4f-4697-a8a1-83f0884220af","name":"Machete","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"7e5a643d-ebfd-4ec6-9fdc-79d6f47fafdb","name":"MacMa","type":"malware","source":"MITRE","software_attack_id":"S1016","tidal_id":"48676227-da49-52c7-a908-f4101843f734","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"6abb253d-1b77-4b95-8b4d-8fcba4a3104b","name":"OSX.CDDS","description":"[[Objective-See MacMa Nov 
2021](https://app.tidalcyber.com/references/7240261e-d901-4a68-b6fc-deec308e8a50)]","source":"MITRE","associated_software_id":"246b0d77-743e-413a-8e7a-76a5a4b391de","owner_id":null,"owner_name":null},{"id":"79fc744d-4280-41e8-93bf-32c6264a604f","name":"DazzleSpy","description":"[[ESET DazzleSpy Jan 2022](https://app.tidalcyber.com/references/212012ac-9084-490f-8dd2-5cc9ac6e6de1)]","source":"MITRE","associated_software_id":"09e6536d-b970-43ae-a1ac-cea3a523635c","owner_id":null,"owner_name":null}],"groups":[{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) is linked to the use and potentially development of [MacMa](https://app.tidalcyber.com/software/7e5a643d-ebfd-4ec6-9fdc-79d6f47fafdb) through overlapping command and control infrastructure and shared libraries with other unique tools.[[Symantec Daggerfly 2024](https://app.tidalcyber.com/references/1dadd09e-e7b0-50a1-ba3d-413780dbeb80)]","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"74feb557-21bc-40fb-8ab5-45d3af84c380","name":"macOS.OSAMiner","type":"malware","source":"MITRE","software_attack_id":"S1048","tidal_id":"8766a8f3-d240-5372-b174-668ac6aa48c1","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"e5e67c67-e658-45b5-850b-044312be4258","name":"MacSpy","type":"malware","source":"MITRE","software_attack_id":"S0282","tidal_id":"1ce0b11d-c4b3-51a3-b788-64eb02938194","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"7506616c-b808-54fb-9982-072a0dcf8a04","name":"Mafalda","type":"malware","source":"MITRE","software_attack_id":"S1060","tidal_id":"439aa5b8-b0e8-5cbd-b9c2-0b4cac469b03","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","n
ame":"Windows"}],"associated_software":[],"groups":[{"description":"[[SentinelLabs Metador Sept 2022](https://app.tidalcyber.com/references/137474b7-638a-56d7-9ce2-ab906f207175)][[SentinelLabs Metador Technical Appendix Sept 2022](https://app.tidalcyber.com/references/aa021076-e9c5-5428-a938-c10cfb6b7c97)]","group_attack_id":"G1013","group_id":"a3a3a1d3-7fe7-5578-8c5f-9c0f2f68079b","name":"Metador","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1408a1dd-f889-5024-be7f-9deb77b06882","name":"MagicRAT","type":"malware","source":"MITRE","software_attack_id":"S1182","tidal_id":"1408a1dd-f889-5024-be7f-9deb77b06882","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[MagicRAT](https://app.tidalcyber.com/software/1408a1dd-f889-5024-be7f-9deb77b06882) is exclusively associated with [Lazarus Group](https://app.tidalcyber.com/groups/0bc66e95-de93-4de7-b415-4041b7191f08) operations in 2022.[[Cisco MagicRAT 2022](https://app.tidalcyber.com/references/6dc427b1-7b0f-50b8-bbec-bab2f526fe0e)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f3f49771-4b18-47ec-b1d6-3d4e84c70045","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"20efee47-95bb-4fe2-aab2-463db7335218","name":"MAGICSPELL","type":"malware","source":"Tidal Cyber","software_attack_id":"S3431","tidal_id":"d3dc4748-dcf1-5830-823f-9ded9becc01a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CERT-UA Alert July 5 2023](/references/d7694540-fe19-44c7-a9e2-205a0e630878)]","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"9fb9a336-2f22-44c1-99a7-14eddad9319b","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"e1857b18-c8eb-452e-9d66-c0dd95b9ce0d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8605fb9e-992f-4f34-a041-0874abb9bb69","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d762974a-ca7e-45ee-bc1d-f5218bf46c84","name":"MailSniper","type":"tool","source":"MITRE","software_attack_id":"S0413","tidal_id":"9f30ba6e-1690-5d6a-92e2-553814461218","platforms":[{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 365"},{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Leafminer July 2018](https://app.tidalcyber.com/references/01130af7-a2d4-435e-8790-49933e041451)]","group_attack_id":"G0077","group_id":"b5c28235-d441-40d9-8da2-d49ba2f2568b","name":"Leafminer","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"49450d3a-c8fd-43aa-a994-82661a83cb7f","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"08e34c09-230b-420a-b341-fd5884267414","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"4709493e-41c4-4010-ba5a-bcc043d4cd66","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"}],"owner_name":null},{"id":"cf7f05a7-4093-4855-b9d9-b93226056aec","name":"Makecab","type":"tool","source":"Tidal Cyber","software_attack_id":"S3241","tidal_id":"afdd8fad-9736-59b1-925a-b85734de053b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a82ef541-630b-4801-aa84-2129c04f7d5a","name":"Makecab.exe","description":"[[Makecab.exe - LOLBAS Project](/references/6473e36b-b5ad-4254-b46d-38c53ccbe446)]","source":"Tidal 
Cyber","associated_software_id":"be6d153d-2288-4519-bade-cca6c8ae2aa8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. CISA Volt Typhoon February 7 2024](/references/c74f5ecf-8810-4670-b778-24171c078724)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec MuddyWater Dec 2018](/references/a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c92ac041-dae7-43aa-93b5-c8de4820ad64","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"98e3fa04-e889-47d2-8f1a-6559ab11f21d","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"77e249e3-371a-46b0-b99d-f38447219f86","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"42b95e51-fc59-459f-8c3a-eea6c436e13c","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d1f95188-64bf-4e24-bd08-5fb31ae72571","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"d259f666-08a7-4756-b544-61ff6a6aa706","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"44083ecb-4e8f-447a-9bf6-dbf1b8a0f98b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1eb8e9c2-cdcb-416a-994d-391046752c91","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"be1f9185-1b49-43d3-b6c9-eb6ef107d62f","name":"Mallox Ransomware","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3422","tidal_id":"8412c67f-9f93-560a-be83-03625a1a3827","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"775041ab-174e-4aa2-b0bd-8cd11f93cf30","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"5ad01dd5-9c38-4a52-aba6-dc9de9315fe9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a0df79e1-d20e-4848-ac40-185952a6117f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9b6b705e-55ae-4d9e-9c57-baf1358cc324","name":"Manage-bde","type":"tool","source":"Tidal Cyber","software_attack_id":"S3380","tidal_id":"8fd860b4-7942-5117-8a92-6d801957383d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2309f2fb-b0ae-4957-847c-43fc9628608e","name":"Manage-bde.wsf","description":"[[Manage-bde.wsf - LOLBAS Project](/references/74d5483e-2268-464c-a048-bb1f25bbfc4f)]","source":"Tidal Cyber","associated_software_id":"8c479a90-537a-4661-ba2a-7e9e7ca5d04a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"7aef1667-3f4c-4be2-acc7-360727d94f43","tag":"ff10869f-fed4-4f21-b83a-9939e7381d6e"},{"id":"1fbfeb3f-c774-4b28-89eb-6ec986e32007","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"822cad66-c200-4967-8b78-0d8e11d5c359","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5d966408-4206-536d-828f-dcc340dae746","name":"Mango","type":"malware","source":"MITRE","software_attack_id":"S1169","tidal_id":"5d966408-4206-536d-828f-dcc340dae746","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig Campaigns Sep 
2023](https://app.tidalcyber.com/references/799db594-6a65-5b80-9d64-c530fadbd9ae)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3386f6ca-a5b5-4699-b4a5-cf00a5778da5","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9702e486-e5b9-486f-84f3-289c599d3d72","name":"Mango (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3162","tidal_id":"934e2f4a-904e-55f3-ad6c-8e224d67b9dd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"fc779d46-1aa6-41bc-9612-0874fabd1657","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d0b17e32-134d-40df-a352-dbcfb9a9e661","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1cf0e5e4-7888-4554-b7b0-d75b0f3c5631","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1821edd4-7554-5de8-8a22-9f4d49a4917d","name":"Manjusaka","type":"malware","source":"MITRE","software_attack_id":"S1156","tidal_id":"1821edd4-7554-5de8-8a22-9f4d49a4917d","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"08127906-d973-437e-8d7e-9cfa636e5dd8","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"5fd70a64-481d-4d0d-85e0-a3a636c87f29","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"888ca612-5629-4303-bca7-d6990006f654","name":"Mario Ransomware","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3470","tidal_id":"c1a3a503-9021-5929-8894-cae5d1e95d4b","platforms":[],"associated_software":[{"id":"71147b53-ef8c-4f45-8df6-6374f9514220","name":"Mario ESXi","description":"","source":"Trellix TIG","associated_software_id":"ce4200b5-3a85-455c-b6e9-3e94750a26fb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"a7b18d56-9620-4477-a696-57bbf3c65da6","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"40806539-1496-4a64-b740-66f6a1467f40","name":"MarkiRAT","type":"malware","source":"MITRE","software_attack_id":"S0652","tidal_id":"c67afe62-9807-59b3-90c6-f65f9f980f63","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky Ferocious Kitten Jun 2021](https://app.tidalcyber.com/references/b8f8020d-3f5c-4b5e-8761-6ecdd63fcd50)]","group_attack_id":"G0137","group_id":"275ca7b0-3b21-4c3a-8b6f-57b6f0ffb6fb","name":"Ferocious Kitten","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"00e8059d-25ad-4616-b5bf-4375fb79c605","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"24862f72-a4e0-4a6b-90d7-2465aa86c402","name":"MASSCAN","type":"tool","source":"Tidal Cyber","software_attack_id":"S3121","tidal_id":"0961eb47-617f-5410-bc3c-5e948fec1c0c","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Sophos Akira May 9 
2023](/references/1343b052-b158-4dad-9ed4-9dbb7bb778dd)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2b65f779-9b56-48d0-9fb5-bfad824647a4","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"2e1e5531-8232-4042-a404-92362ad803be","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"dce1900d-e606-453c-8b43-c260e5d7dbb8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ad8424d2-96a9-49ce-874d-d587923d3452","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"eeb700ea-2819-46f4-936d-f7592f20dedc","name":"Matryoshka","type":"malware","source":"MITRE","software_attack_id":"S0167","tidal_id":"328d7171-1af2-5e59-baef-8d26bd5baeae","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ClearSky Wilted Tulip July 2017](https://app.tidalcyber.com/references/50233005-8dc4-4e91-9477-df574271df40)]","group_attack_id":"G0052","group_id":"6a8f5eca-8ecc-4bff-9c5f-5380e044ed5b","name":"CopyKittens","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"aa472f81-7673-4545-89f9-1dd43cead4f1","name":"Mavinject","type":"tool","source":"Tidal Cyber","software_attack_id":"S3242","tidal_id":"adfa85fd-81c0-52e4-bca3-85688e38140c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ea9cd7d1-4a23-47fb-ad52-c4a077b9fe35","name":"Mavinject.exe","description":"[[LOLBAS Mavinject](/references/4ba7fa89-006b-4fbf-aa6c-6775842c97a4)]","source":"Tidal 
Cyber","associated_software_id":"e74db115-407d-44dd-906e-2163f2a50e29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4bea38ab-ea3c-4336-851a-acb91364fe8a","tag":"724c3509-ad5e-46a3-a72c-6f3807b13793"},{"id":"9ee34eb5-7eba-4fc3-a480-ecc08b853509","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b920b63e-c265-4179-be25-866929de010d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3c206491-45c0-4ff7-9f40-45f9aae4de64","name":"Maze","type":"malware","source":"MITRE","software_attack_id":"S0449","tidal_id":"ba144e38-3124-511e-b67b-aa72643fe3dc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye Maze May 2020](https://app.tidalcyber.com/references/02338a66-6820-4505-8239-a1f1fcc60d32)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"48e1e810-fcab-45af-a730-e6f990d7f8e8","tag":"5b4ce6cb-0929-4f74-a3b2-bd1afa916d36"},{"id":"ab4c9459-9559-4307-b181-f7af0950664e","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"ee75051f-1f92-40f3-a844-03e963eeb258","tag":"3c3f9078-5d1e-4c29-a5eb-28f237bbd1ad"},{"id":"c4246cd0-26a8-45be-b28f-38f3be309dba","tag":"1cc90752-70a3-4a17-b370-e1473a212f79"},{"id":"2b004fc5-8211-4f94-a5c5-125edd570a0c","tag":"286918d5-0b48-4655-9118-907b53de0ee0"},{"id":"a55d3b4c-5b70-42cd-a85a-454b0afe414e","tag":"c5c8f954-1bc0-45d5-9a4f-4385d0a720a1"},{"id":"e34b170a-2220-4704-b14c-189cceb61739","tag":"ab64f2d8-8da3-48de-ac66-0fd91d634b22"},{"id":"d915c383-f2c0-44eb-bf7c-3e2ee526feec","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"8fb74f9b-b2bf-4001-8df5-59385980854a","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"fb879c66-92b1-4a43-8df8-987fc3bc1b1b","name":"MBR Killer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3020","tidal_id":"03ec153b-bb8c-576c-aa95-7574a647d3fb","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"be777e2a-fd11-4d16-8d06-f13500d97a6f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f968fa3d-466a-41dc-82f7-27124d6fd22c","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"35c0bc78-2203-4aca-85f2-072d84b6e1bf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"939cbe39-5b63-4651-b0c0-85ac39cb9f0e","name":"MCMD","type":"tool","source":"MITRE","software_attack_id":"S0500","tidal_id":"230125ec-b69f-50c0-b8cf-f3331e46669b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Secureworks MCMD July 2019](https://app.tidalcyber.com/references/f7364cfc-5a3b-4538-80d0-cae65f3c6592)]","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"31cbe3c8-be88-4a4f-891d-04c3bb7ed482","name":"MechaFlounder","type":"malware","source":"MITRE","software_attack_id":"S0459","tidal_id":"833628a9-6c1d-5f36-93e8-23f471f79cde","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 MechaFlounder March 2019](https://app.tidalcyber.com/references/2263af27-9c30-4bf6-a204-2f148ebdd17c)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c9e824b2-554b-4f42-b4c3-48e0a841f589","name":"MedusaLocker Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3066","tidal_id":"b9bbad67-1f95-579d-8da6-e6795a94e044","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3015","group_id":"55b20209-c04a-47ab-805d-ace83522ef6a","name":"MedusaLocker Ransomware 
Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"95297f37-f62d-4763-bc78-1f69ffb1122e","tag":"0512bbd3-0596-4426-9ee6-d2bfeb8fd219"},{"id":"85aa814d-6e2a-4174-9bc7-46eb162f3a36","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"889d5c7d-d822-4cd0-8f84-4956410d83fe","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"f43585ba-8754-4b5a-b420-28060084b7a3","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"c387c7e0-b8d9-4475-8672-c1285e38f2a1","name":"Medusa Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3444","tidal_id":"072686d1-381c-5f01-83f4-c2eae1f34b7f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"87000d92-7f5c-482b-9888-64a4c08fe1d0","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"4bb1aaa0-5cc2-4340-90f6-3ff87cae2ccd","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"f8900361-ec66-4040-9c8a-e6d18125e394","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"862b2767-dff5-482b-ac98-7c0c51e6c554","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"8a364e3f-d07e-4720-9833-dd2ac0940bd6","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"59d2b390-a8f1-49ba-b4d6-623a9b4f3810","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"}],"owner_name":"TidalCyberIan"},{"id":"7d5b9d91-9447-4b32-984b-16be30dab230","name":"Medusa Rootkit","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3406","tidal_id":"30743d0d-f255-59b9-b966-55165350e931","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"49b265fd-a5e2-45df-bc46-e2d1c879c2cb","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":"TidalCyberIan"},{"id":"acc64744-7188-48b2-a753-196fff0467c6","name":"Meduza","type":"malware","source":"Tidal Cyber","software_attack_id":"S3401","tidal_id":"e88ec040-fae3-5e11-97cb-2f3089089a88","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"7131b8dd-3b85-44fc-a698-2962b79dfd6a","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"735eb1a8-6670-4c62-b52f-0097715b09f2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b0ff7fae-3762-434f-9021-b0c17cf64ea5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6c3bbcae-3217-43c7-b709-5c54bc7636b1","name":"meek","type":"tool","source":"MITRE","software_attack_id":"S0175","tidal_id":"7846ca12-2524-5013-8bca-f4e33ccec5b4","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant No Easy Breach](https://app.tidalcyber.com/references/e7c49ce6-9c5d-483a-b476-8a48799df6fa)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"df92f37d-644d-481a-bf51-de3c0d65e39b","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"f2384d09-61fa-4679-b975-6901dcd5c506","name":"MEGAcmd","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3143","tidal_id":"bd9637bb-c32f-5203-882a-cfb63d95e4a2","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[S-RM March 25 2025](/references/ffa47884-4eef-445e-99e3-02f64cc2f7fc)]","group_attack_id":"G3100","group_id":"35aa3c2a-eea0-480a-b338-c82808643026","name":"NightSpire","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kroll Royal Ransomware February 13 2023](/references/de385ede-f928-4a1e-934c-8ce7a6e7f33b)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA LockBit Citrix Bleed November 21 2023](/references/21f56e0c-9605-4fbb-9cb1-f868ba6eb053)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"1d7a94cf-23d9-490c-b8a7-cf0a613dfcc9","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"5d4e4172-3b88-456e-9c1f-c87dc63afa33","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"231e9771-18af-4180-9bb8-157a8a54480b","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"12e9ecc8-3ff1-47d1-be00-67f67fae54ac","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"3e6ea8a5-7b79-41dc-9ddd-b00a6e53be86","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"24ec31f3-4ec9-445f-b750-59a8d9e39345","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d8a4a817-2914-47b0-867c-ad8eeb7efd10","name":"MegaCortex","type":"malware","source":"MITRE","software_attack_id":"S0576","tidal_id":"4fb00e00-c917-569c-b85f-7543325f184b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f71ae07c-29e8-4920-8b4f-d294081eba5a","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"6a43077c-1a57-4f52-a3df-2ba364cdb083","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"eed908e5-a0b3-473f-bca4-0d3197af2168","name":"MEGAsync","type":"tool","source":"Tidal Cyber","software_attack_id":"S3021","tidal_id":"a7298a3d-2ff8-5982-b7d3-5e15a946b6ea","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Akira April 18 2024](/references/2e8cf25e-1c06-4f14-a6aa-cb7b876ad5be)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Hive November 25 2022](/references/fce322e6-5e23-404a-acf8-cd003f00c79d)]","group_attack_id":"G3041","group_id":"05cd82bb-f8fc-40f3-83ba-1586ef953d05","name":"Hive Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Threat Intelligence Tweet April 26 2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)]","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Resecurity BlackLock March 25 2025](/references/2977c45f-3a7a-42ae-be59-378aa288dc24)]","group_attack_id":"G3109","group_id":"fea2db0e-e6a6-44f1-9b5a-2d00744c388b","name":"BlackLock Ransomware Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d583ac3f-ad07-41e6-bed1-6959a97ae285","tag":"9db5e7e2-74da-46a7-9bf4-e4cfb66106c9"},{"id":"de059cdb-6c00-439f-8ff9-8cecc002ec2f","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"c3039d81-5cfb-437f-bb36-6461e0a8593e","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"d4a92a21-ee50-41cd-9d8f-acac2b7ad8dd","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"11127535-9ca4-44bd-9177-25169678eefd","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ecdae391-fe08-4288-afd7-b17778029af1","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"7b072437-1b34-4801-9d58-4f1b6a52c19c","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"74cd2d94-3542-426d-8c44-9578fa20dede","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5fd21d1f-8db8-4511-9a19-e9a49617017f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"c3078833-6918-46a1-b818-3d67f1070c48","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"732cd3c4-8421-49fc-b19b-e909b633996a","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"a547bcc4-a4de-496e-8079-8afa7671ee83","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"538ee4ad-850e-4edf-a447-94e1d203f2d6","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"7129d4c0-1ff0-494b-ba50-6e47336358a3","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"ce7cc3f0-ec0e-49ae-940c-25e895de9ada","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"1f97eced-24c7-4aef-86cd-fcbfc3b0910d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"462185ea-09b9-50b2-88f4-b1956d8cb392","name":"Megazord","type":"malware","source":"MITRE","software_attack_id":"S1191","tidal_id":"462185ea-09b9-50b2-88f4-b1956d8cb392","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA Akira Ransomware APR 2024](https://app.tidalcyber.com/references/bfa99833-7ddf-576a-958c-adac87da09c8)][[Cisco Akira Ransomware OCT 
2024](https://app.tidalcyber.com/references/fa57d7ae-c0d2-58cd-8a91-a242f7348d60)][[Palo Alto Howling Scorpius DEC 2024](https://app.tidalcyber.com/references/26d3e738-8921-51bc-a71c-7e74278a6a78)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"47dc28b0-d7bc-4959-ae10-fcde7700073a","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"a86aa110-7b76-403c-815b-52e5aad6f059","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"aa844e6b-feda-4928-8c6d-c59f7be88da0","name":"Melcoz","type":"malware","source":"MITRE","software_attack_id":"S0530","tidal_id":"9e109128-6d39-5188-a59e-74b44bbdb352","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"6a2e4e95-60c2-4cf1-a9dc-5e167127c472","name":"Merlin","type":"tool","source":"Tidal Cyber","software_attack_id":"S3453","tidal_id":"d963286d-2dc2-557c-b0c6-47666f046cc0","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"e5bef040-7d3a-4f19-a269-3ccde22089ff","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c185e50a-2157-4bbe-9a8f-776e8de0e1dc","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"b3604345-f37f-44bc-9dbe-e14e322e4bcf","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7b3e8be3-7f27-4bb5-87a8-984c756b92d8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"15d7e478-349d-42e6-802d-f16302b98319","name":"MESSAGETAP","type":"malware","source":"MITRE","software_attack_id":"S0443","tidal_id":"f75a4a1f-add4-5fe6-a321-478a151264c8","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[FireEye 
MESSAGETAP October 2019](https://app.tidalcyber.com/references/f56380e8-3cfa-407c-a493-7f9e50ba3867)][[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"0a9874bf-4f02-5fab-8ab6-d0f42c6bc71d","name":"metaMain","type":"malware","source":"MITRE","software_attack_id":"S1059","tidal_id":"a1ba720a-3056-55a6-9425-0b68e219967b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SentinelLabs Metador Sept 2022](https://app.tidalcyber.com/references/137474b7-638a-56d7-9ce2-ab906f207175)][[SentinelLabs Metador Technical Appendix Sept 2022](https://app.tidalcyber.com/references/aa021076-e9c5-5428-a938-c10cfb6b7c97)]","group_attack_id":"G1013","group_id":"a3a3a1d3-7fe7-5578-8c5f-9c0f2f68079b","name":"Metador","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ca607087-25ad-4a91-af83-608646cccbcb","name":"Metamorfo","type":"malware","source":"MITRE","software_attack_id":"S0455","tidal_id":"642fb2f3-83ac-5627-9e8d-9741fb1ad765","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c2833e32-851b-49d5-98e7-3dc7502ad069","name":"Casbaneiro","description":"[[ESET Casbaneiro Oct 2019](https://app.tidalcyber.com/references/a5cb3ee6-9a0b-4e90-bf32-be7177a858b1)]","source":"MITRE","associated_software_id":"10ba04c6-5c6e-4b8e-b855-3d02ce26808b","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"52eef453-1d67-4d28-9eb1-a89e2e575b7f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8d3b1150-8bb3-49a8-8266-7023e3c5e50a","name":"Metasploit","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3068","tidal_id":"155efaf4-c697-5cda-8ac6-c411c8565252","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CERT-UA Alert April 28 2022](/references/ebea04a5-d21b-4174-a12b-b398c8054a9f)]","group_attack_id":"G3077","group_id":"9d665cc1-8ecc-4064-8221-c74bd6ffd97a","name":"UAC-0098","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bc3f95da-c2be-4410-9809-3465cd623e0f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"a13ad362-13df-45a5-a9c8-64804e39a05e","tag":"677c5953-3cc8-44bb-89bc-d9a31f9d170c"},{"id":"66ced8bf-8617-4412-b326-a8fe72d0c7c1","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"c92902a2-1236-4cd5-96e8-599257bf538b","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a0e81a6c-9383-42e5-a0ca-3dddb361629f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5abaa27d-a852-482d-af49-a3bfe9d99089","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"},{"id":"bbcf7984-b1b1-4f77-a616-3f6ccc1551a4","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"9f1b6201-0b75-43a4-acb5-7cefbc96772e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"6932f6df-28cf-4bcf-a1ab-3afacdab2f52","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":"TidalCyberIan"},{"id":"e95281ef-a1b1-4da0-b7cc-fa0a9236a4fc","name":"MetaStealer","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3128","tidal_id":"a23800f2-af83-53c7-901e-7ea9736ed438","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"09465967-f406-43b1-8e94-f4142673e3dc","tag":"c7bd6fa4-288f-4da1-986e-e0fd9a4a3c97"},{"id":"87a1a74f-f1e0-4ce9-8f10-777e887f8efa","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"60be8832-03bb-4197-b8cc-eeef1d417b37","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ee07030e-ff50-404b-ad27-ab999fc1a23a","name":"Meteor","type":"malware","source":"MITRE","software_attack_id":"S0688","tidal_id":"e0ec0c46-9c3b-5b8b-ab3a-3b57d44e56a5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"b6075cd0-075f-4a3e-a460-f052eefa6660","tag":"f68659fd-4d2f-4c9c-959d-b9f7ef91c228"}],"owner_name":null},{"id":"62a44d4d-d7ea-4b8f-b29c-2b6867acbaf2","name":"Meterpreter","type":"tool","source":"Tidal Cyber","software_attack_id":"S3498","tidal_id":"48f991d5-3d8f-505e-b636-96e2308ea59c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[AhnLab Kimsuky Meterpreter May 15 2025](/references/317e7e68-f7b2-4976-9604-7fba5dabce62)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cisco Talos Mustang Panda May 5 
2022](/references/6d329def-43ef-40e0-bf70-7bc6fa9bcc2a)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Elastic CUBA Ransomware 2022](/references/79299d27-dbbf-56d0-87fd-15e3f9167cf8)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9937d872-27b5-47a2-ab6d-2628cde99d67","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"4248cd5b-fb03-432f-858c-71e955165d02","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"cdee8f1c-b14b-4224-8875-ca2306952a9c","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"248f43d9-3481-42f4-9c14-78dcf99169a6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"21cfd839-98f7-4662-be7e-41376bb26ada","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4184f447-6f74-487b-be08-6330a6b78992","name":"Mftrace","type":"tool","source":"Tidal Cyber","software_attack_id":"S3345","tidal_id":"93eea13c-baf9-5c55-aa2c-090f2c683a68","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3c8563d5-7397-4275-8df1-d365026c3f3f","name":"Mftrace.exe","description":"[[Mftrace.exe - LOLBAS Project](/references/b6d42cc9-1bf0-4389-8654-90b8d4e7ff49)]","source":"Tidal 
Cyber","associated_software_id":"d9cc6ddb-3c47-45f9-8caf-8124ca55945f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"936cd336-c869-4a34-ac8e-eb8c4f9b3f88","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b70184c6-19ad-480f-b9b3-841ed6cfe025","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"df390ec3-6557-524d-8a89-3fceff24ca96","name":"MgBot","type":"malware","source":"MITRE","software_attack_id":"S1146","tidal_id":"df390ec3-6557-524d-8a89-3fceff24ca96","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) is uniquely associated with the use of [MgBot](https://app.tidalcyber.com/software/df390ec3-6557-524d-8a89-3fceff24ca96) since at least 2012.[[ESET EvasivePanda 2023](https://app.tidalcyber.com/references/08026c7e-cc35-5d51-9536-a02febd1a891)]","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"19c5e992-0259-4473-9d5d-57e0fa1066b4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5879efc1-f122-43ec-a80d-e25aa449594d","name":"Micropsia","type":"malware","source":"MITRE","software_attack_id":"S0339","tidal_id":"37ff5eec-32b1-5bee-a237-2e74984baf6b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G1028","group_id":"e3c5164e-49cf-5bb1-955d-6775585abb14","name":"APT-C-23","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5c3c18c2-3118-44ab-9f75-52d32c32d7bb","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"370b00ba-1f91-4375-8a4c-5ca67066f4fd","name":"Microsoft.NodejsTools.PressAnyKey","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3346","tidal_id":"52f47901-2134-5b79-9545-71cb2ef40971","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"50c7eb9c-5bc2-4e06-a052-835c2f76ac5c","name":"Microsoft.NodejsTools.PressAnyKey.exe","description":"[[Microsoft.NodejsTools.PressAnyKey.exe - LOLBAS Project](/references/25c46948-a648-4c3c-b442-e700df68fa20)]","source":"Tidal Cyber","associated_software_id":"9ddd8ae4-93ff-41ce-b8f2-ac035a25411f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"beb71865-d07c-495f-9544-ede89d52babe","tag":"eb75bfce-e0d6-41b3-a3f0-df34e6e9b476"},{"id":"32b12833-7230-49a2-9508-7e4c4a1662e7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ed7e6142-fbc8-4086-b738-13b387f2e2cf","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"27bd5fc3-17d9-46fa-84ce-c772736512cd","name":"Microsoft.Workflow.Compiler","type":"tool","source":"Tidal Cyber","software_attack_id":"S3243","tidal_id":"8bfe5f38-1a6b-5086-a41a-1933881c1063","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9d2ea5e7-8e65-42a3-ad22-451f034e1acc","name":"Microsoft.Workflow.Compiler.exe","description":"[[Microsoft.Workflow.Compiler.exe - LOLBAS Project](/references/1e659b32-a06f-45dc-a1eb-03f1a42c55ef)]","source":"Tidal 
Cyber","associated_software_id":"26fae087-2715-4a16-8583-ffe1e0040044","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"39d43b08-4221-4690-9666-513e6e314aa0","tag":"b48e3fa8-25b4-42be-97e7-086068a150c5"},{"id":"6d3a1866-ad8c-4487-80e6-972340e85fc4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"549defa4-002b-4de4-aa41-33267b5f088a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"57545dbc-c72a-409d-a373-bc35e25160cd","name":"Milan","type":"malware","source":"MITRE","software_attack_id":"S1015","tidal_id":"7b9c490b-d2bd-5991-92a3-6878ac3704dc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"053eadf6-5b33-45d1-b499-837e43d4a3aa","name":"James","description":"[[Accenture Lyceum Targets November 2021](https://app.tidalcyber.com/references/127836ce-e459-405d-a75c-32fd5f0ab198)]","source":"MITRE","associated_software_id":"e94603e8-5352-4ef9-9970-e2ac9ede79b4","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)][[Accenture Lyceum Targets November 2021](https://app.tidalcyber.com/references/127836ce-e459-405d-a75c-32fd5f0ab198)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d3a80d1f-1d1d-4ac4-ae2a-c687dff7b47e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"b8e7c0b4-49e4-4e8d-9467-b17f305ddf16","name":"Mimikatz","type":"tool","source":"MITRE","software_attack_id":"S0002","tidal_id":"387f8f1d-b604-554d-a2b3-61de15d2c5e1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 Cuba August 9 
2022](/references/06f668d9-9a68-4d2f-b9a0-b92beb3b75d6)]","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)][[Group IB APT 41 June 2021](https://app.tidalcyber.com/references/a2bf43a0-c7da-4cb9-8f9a-b34fac92b625)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT32 May 2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)][[Cybereason Oceanlotus May 2017](https://app.tidalcyber.com/references/1ef3025b-d4a9-49aa-b744-2dbea10a0abf)][[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit 42 MuddyWater Nov 2017](https://app.tidalcyber.com/references/dcdee265-2e46-4f40-95c7-6a2683edb23a)][[TrendMicro POWERSTATS V3 June 2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike Carbon Spider August 
2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)][[BitDefender Chafer May 2020](https://app.tidalcyber.com/references/24ea6a5d-2593-4639-8616-72988bf2fa07)][[Dark Reading APT39 JAN 2019](https://app.tidalcyber.com/references/b310dfa4-f4ee-4a0c-82af-b0fdef1a1f58)][[Symantec Chafer February 2018](https://app.tidalcyber.com/references/3daaa402-5477-4868-b8f1-a2f6e38f04ef)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit42 OilRig Playbook 2023](https://app.tidalcyber.com/references/e38902bb-9bab-5beb-817b-668a67a76541)][[FireEye APT34 Webinar Dec 2017](https://app.tidalcyber.com/references/4eef7032-de14-44a2-a403-82aefdc85c50)][[FireEye APT35 2018](https://app.tidalcyber.com/references/71d3db50-4a20-4d8e-a640-4670d642205c)][[Symantec Crambus OCT 2023](https://app.tidalcyber.com/references/ecfdd6e1-caa0-5611-a1f5-d96873cf2222)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit 42 DarkHydrus July 2018](https://app.tidalcyber.com/references/800279cf-e6f8-4721-818f-46e35ec7892a)][[Unit 42 Playbook Dec 2017](https://app.tidalcyber.com/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)]","group_attack_id":"G0079","group_id":"f2b31240-0b4a-4fa4-82a4-6bb00e146e75","name":"DarkHydrus","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[RedCanary Mockingbird May 2020](https://app.tidalcyber.com/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ESET Turla Mosquito May 2018](https://app.tidalcyber.com/references/d683b8a2-7f90-4ae3-b763-c25fd701dbf6)][[Symantec Waterbug Jun 
2019](https://app.tidalcyber.com/references/ddd5c2c9-7126-4b89-b415-dc651a2ccc0e)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cylance Cleaver](https://app.tidalcyber.com/references/f0b45225-3ec3-406f-bd74-87f24003761b)]","group_attack_id":"G0003","group_id":"c8cc6ce8-d421-42e6-a6eb-2ea9d2d9ab07","name":"Cleaver","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)][[Symantec Tick Apr 2016](https://app.tidalcyber.com/references/3e29cacc-2c05-4f35-8dd1-948f8aee6713)][[Trend Micro Tick November 2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ESET BackdoorDiplomacy Jun 2021](https://app.tidalcyber.com/references/127d4b10-8d61-4bdf-b5b9-7d86bbc065b6)]","group_attack_id":"G0135","group_id":"e5b0da2b-12bc-4113-9459-9c51329c9ae0","name":"BackdoorDiplomacy","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant Pulse Secure Update May 
2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)][[Mandiant_UNC2165](https://app.tidalcyber.com/references/92e39558-cd2c-54c4-8930-aafdd2f14bca)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Threat Group-3390](https://app.tidalcyber.com/groups/79be2f31-5626-425e-844c-fd9c99e38fe5) has used a modified version of Mimikatz called Wrapikatz.[[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)][[Nccgroup Emissary Panda May 2018](https://app.tidalcyber.com/references/e279c308-fabc-47d3-bdeb-296266c80988)][[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)][[Talent-Jump Clambling February 2020](https://app.tidalcyber.com/references/51144a8a-0cd4-4d5d-826b-21c2dc8422be)][[Profero APT27 December 2020](https://app.tidalcyber.com/references/0290ea31-f817-471e-85ae-c3855c63f5c3)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat 
Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Dragos Crashoverride 2018](https://app.tidalcyber.com/references/d14442d5-2557-4a92-9a29-b15a20752f56)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) has used [Mimikatz](https://app.tidalcyber.com/software/b8e7c0b4-49e4-4e8d-9467-b17f305ddf16) for credential dumping during operations.[[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)][[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks IRON LIBERTY July 2019](https://app.tidalcyber.com/references/c666200d-5392-43f2-9ad0-1268d7b2e86f)]","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PWC Cloud Hopper Technical Annex April 
2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cisco Talos Blog September 10 2024](/references/c8ea888b-c87c-49eb-a1be-3a269292c414)]","group_attack_id":"G3075","group_id":"2ee8f401-679c-455e-bc19-511bacdbffff","name":"DragonRank","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Security Intelligence More Eggs Aug 2019](https://app.tidalcyber.com/references/f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Netscout Stolen Pencil Dec 2018](https://app.tidalcyber.com/references/6d3b31da-a784-4da0-91dd-b72c04fd520a)][[KISA Operation Muzabi](https://app.tidalcyber.com/references/8742ac96-a316-4264-9d3d-265784483f1a)][[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Leafminer July 2018](https://app.tidalcyber.com/references/01130af7-a2d4-435e-8790-49933e041451)]","group_attack_id":"G0077","group_id":"b5c28235-d441-40d9-8da2-d49ba2f2568b","name":"Leafminer","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) has gathered 
credentials using [Mimikatz](https://app.tidalcyber.com/software/b8e7c0b4-49e4-4e8d-9467-b17f305ddf16).[[CISA Scattered Spider Advisory November 2023](https://app.tidalcyber.com/references/deae8b2c-39dd-5252-b846-88e1cab099c2)][[MSTIC Octo Tempest Operations October 2023](https://app.tidalcyber.com/references/92716d7d-3ca5-5d7a-b719-946e94828f13)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Arctic Wolf Akira 2023](https://app.tidalcyber.com/references/aa34f2a1-a398-5dc4-b898-cdc02afeca5d)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky Carbanak](https://app.tidalcyber.com/references/2f7e77db-fe39-4004-9945-3c8943708494)]","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)][[Microsoft 365 Defender Solorigate](https://app.tidalcyber.com/references/449cf112-535b-44af-9001-55123b342779)][[CrowdStrike StellarParticle January 2022](https://app.tidalcyber.com/references/149c1446-d6a1-4a63-9420-def9272d6cb9)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cycraft Chimera April 2020](https://app.tidalcyber.com/references/a5a14a4e-2214-44ab-9067-75429409d744)][[NCC Group Chimera January 2021](https://app.tidalcyber.com/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye TRITON 2019](https://app.tidalcyber.com/references/49c97b85-ca22-400a-9dc4-6290cc117f04)]","group_attack_id":"G0088","group_id":"3a54b8dc-a231-4db8-96da-1c0c1aa396f6","name":"TEMP.Veles","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Whitefly March 2019](https://app.tidalcyber.com/references/d0e48356-36d9-4b4c-b621-e3c4404378d2)]","group_attack_id":"G0107","group_id":"f0943620-7bbb-4239-8ed3-c541c36baaa1","name":"Whitefly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) used [Mimikatz](https://app.tidalcyber.com/software/b8e7c0b4-49e4-4e8d-9467-b17f305ddf16) to dump credentials from LSASS memory.[[Unit42 Agrius 
2023](https://app.tidalcyber.com/references/70fb43bd-f8e1-56a5-a0e9-884e85f16b10)]","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky Sofacy](https://app.tidalcyber.com/references/46226f98-c762-48e3-9bcd-19ff14184bb5)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky CactusPete Aug 2020](https://app.tidalcyber.com/references/1c393964-e717-45ad-8eb6-5df5555d3c70)]","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Thrip June 2018](https://app.tidalcyber.com/references/482a6946-b663-4789-a31f-83fb2132118d)]","group_attack_id":"G0076","group_id":"a3b39b07-0bfa-4c69-9f01-acf7dc6033b4","name":"Thrip","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[MSTIC DEV-0537 Mar 2022](https://app.tidalcyber.com/references/a9ce7e34-6e7d-4681-9869-8e8f2b5b0390)]","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PTSecurity Cobalt Group Aug 2017](https://app.tidalcyber.com/references/f4ce1b4d-4f01-4083-8bc6-931cbac9ac38)][[PTSecurity Cobalt Dec 2016](https://app.tidalcyber.com/references/2de4d38f-c99d-4149-89e6-0349a4902aa2)][[Group IB Cobalt Aug 2017](https://app.tidalcyber.com/references/2d9ef1de-2ee6-4500-a87d-b55f83e65900)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)][[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT35 2018](https://app.tidalcyber.com/references/71d3db50-4a20-4d8e-a640-4670d642205c)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant FIN13 Aug 2022](https://app.tidalcyber.com/references/ebd9d479-1954-5a4a-b7f0-d5372489733c)]","group_attack_id":"G1016","group_id":"570198e3-b59c-5772-b1ee-15d7ea14d48a","name":"FIN13","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Bizeul 
2014](https://app.tidalcyber.com/references/a4617ef4-e6d2-47e7-8f81-68e7380279bf)]","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)][[Microsoft NICKEL December 2021](https://app.tidalcyber.com/references/29a46bb3-f514-4554-ad9c-35f9a5ad9870)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT38 Oct 2018](https://app.tidalcyber.com/references/7c916329-af56-4723-820c-ef932a6e3409)]","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cyber Centre ALPHV/BlackCat July 25 2023](/references/610c8f22-1a96-42d2-934d-8467d136eed2)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"067118ee-2ded-4ac8-9a42-00185fab68a8","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"65affbd0-9c2a-4abc-9922-370c4048d32b","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"0f61b358-d7f2-4161-88aa-8271423c72fd","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"009ed2b3-2a35-4256-9bd0-eb8784cc54a7","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"d2f159da-35b7-4f8e-a0e2-e6e839f51f4d","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"a4005fbe-44fb-4758-8a94-006117b37843","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"ccde64c1-4aea-462f-bca7-7e49ca09d13d","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"5c9ecb01-ade4-4274-bbb7-80ad92ca895f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"68529ee9-3fb8-4f9d-b0a9-6d7bf61ad850","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c0d0ae40-2edb-4adb-af41-680f0f123d7b","tag":"5fda51b0-dfda-49bd-8615-524b45d4cd44"},{"id":"4f891d3f-d51b-4c34-a660-f2f89877ad1f","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"b008a4f4-b592-4bb9-b457-11166802f03a","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"a95dcb52-1697-4150-9443-3cd26f3ad5a6","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"dbce1a6f-1196-4e04-ba0c-dc1be67a7a3c","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"43707970-2add-43cc-b8fd-740a346be49e","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a600b6c2-5a66-43a7-bafa-0d71e2cd2b88","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"0ded591f-1b31-486b-95f5-aaa1749fb177","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"bd26c0ee-b06b-4461-bda8-e371d36f5d35","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"209170a6-3bf1-4b3e-b327-a9e6621bc57b","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a145b987-853f-4ab2-8bc6-822ed2852ab9","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"68b6d52a-7d15-449e-bee3-8031afa2ea71","tag":"509a90c7-
9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"42350632-b59a-4cc5-995e-d95d8c608553","name":"MimiPenguin","type":"tool","source":"MITRE","software_attack_id":"S0179","tidal_id":"bcbbd5a7-ee70-5011-a858-e5d464222aba","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[Palo Alto Black-T October 2020](https://app.tidalcyber.com/references/d4351c8e-026d-4660-9344-166481ecf64a)]","group_attack_id":"G0139","group_id":"325c11be-e1ee-47db-afa6-44ac5d16f0e7","name":"TeamTNT","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7eebbfb7-b972-4e4e-9a96-484109b9226f","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"c0dea9db-1551-4f6c-8a19-182efc34093a","name":"Miner-C","type":"malware","source":"MITRE","software_attack_id":"S0133","tidal_id":"4230530e-e31c-513c-9d4e-aa642451c03c","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2bb16809-6bc3-46c3-b28a-39cb49410340","name":"MiniDuke","type":"malware","source":"MITRE","software_attack_id":"S0051","tidal_id":"d91ddf8a-03a3-58f4-9db1-e7330d6f3e86","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)][[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)][[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b2a5a96a-ccd2-4a72-98c1-839d0b289cca","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"2fecbdd8-1631-4ec0-a92b-5ebd00233e07","name":"MiniDump","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3474","tidal_id":"7fa33aff-ca92-53eb-89d3-663554526091","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"a9b2d5c7-a7a3-4097-a00c-20d1aeaa51ec","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"535f1b97-7a70-4d18-be4e-3a9f74ccf78a","name":"MirageFox","type":"malware","source":"MITRE","software_attack_id":"S0280","tidal_id":"314fd151-efe6-5fa7-ab44-3aacfd9302e6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[APT15 Intezer June 2018](https://app.tidalcyber.com/references/0110500c-bf67-43a5-97cb-16eb6c01040b)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3b0b100d-bab9-4fb0-87be-8f2e6edb5269","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4048afa2-79c8-4d38-8219-2207adddd884","name":"Misdat","type":"malware","source":"MITRE","software_attack_id":"S0083","tidal_id":"0e81dbd0-b09b-510f-87f6-225c5e309a13","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"758e5226-6015-5cc7-af4b-20fa35c9bac1","name":"Mispadu","type":"malware","source":"MITRE","software_attack_id":"S1122","tidal_id":"31421adf-fa7e-5f99-9248-14bd4e52948d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SCILabs Malteiro 
2021](https://app.tidalcyber.com/references/c6948dfc-b133-556b-a8ac-b3a4dba09c0e)]","group_attack_id":"G1026","group_id":"803f8018-6e45-5b0f-978f-1fe96b217120","name":"Malteiro","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7d075221-9470-4063-b7de-41c1896b9e2b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"fe554d2e-f974-41d6-8e7a-701bd758355d","name":"Mis-Type","type":"malware","source":"MITRE","software_attack_id":"S0084","tidal_id":"5cfb8072-5131-51c3-a5ff-abed1417b7f2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f603ea32-91c3-4b62-a60f-57670433b080","name":"Mivast","type":"malware","source":"MITRE","software_attack_id":"S0080","tidal_id":"62bbfd6a-2eb5-5c22-adb3-abf392990008","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Black Vine](https://app.tidalcyber.com/references/0b7745ce-04c0-41d9-a440-df9084a45d09)]","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"21adf67d-2c0c-4c6d-a0dc-b7ca7c159513","name":"mkdir","type":"tool","source":"Trellix TIG","software_attack_id":"S3416","tidal_id":"2aac8456-1015-5bc1-9994-8eb2242b8844","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"7bded42d-ad82-4b00-88c7-c1129c11894d","name":"MKG","type":"malware","source":"Tidal Cyber","software_attack_id":"S3160","tidal_id":"fb51e6b5-06bc-55ed-bd74-8839eeeb3a52","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"ff203467-3552-429e-a7f3-50a7fc9d5424","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"60a05fc4-3ae7-4793-87f1-2e3705d1c932","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a8a65789-3e91-4941-b2d6-15baf3e11bd7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8c7acae2-f844-4e01-86d8-18c3ea90963f","name":"Mmc","type":"tool","source":"Tidal Cyber","software_attack_id":"S3244","tidal_id":"1904ef1b-9fb7-5fb7-b9e6-601678691c6f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9e2cab0f-efe8-4d8e-b293-e54ce4fb5db3","name":"Mmc.exe","description":"[[Mmc.exe - LOLBAS Project](/references/490b6769-e386-4a3d-972e-5a919cb2f6f5)]","source":"Tidal 
Cyber","associated_software_id":"08c13774-647c-472d-8e6e-d1fb2f21e67d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6c91ec46-fa68-4073-92e9-6bb987152962","tag":"f9e6382f-e41e-438e-bd7e-57a57046d9e6"},{"id":"baa7e135-cf1a-4ec8-990e-aad1caf97a70","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"e8f5a473-b458-4ca7-b05f-5b4139cf4ba5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"116f913c-0d5e-43d1-ba0d-3a12127af8f6","name":"MobileOrder","type":"malware","source":"MITRE","software_attack_id":"S0079","tidal_id":"219b00d2-a480-5f92-a0f5-33b402eb5182","platforms":[],"associated_software":[],"groups":[{"description":"[[Scarlet Mimic Jan 2016](https://app.tidalcyber.com/references/f84a5b6d-3af1-45b1-ac55-69ceced8735f)]","group_attack_id":"G0029","group_id":"6c1bdc51-f633-4512-8b20-04a11c2d97f4","name":"Scarlet Mimic","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"7ca5debb-f813-4e06-98f8-d1186552e5d2","name":"MoleNet","type":"malware","source":"MITRE","software_attack_id":"S0553","tidal_id":"561b5782-e54c-5dc0-bf26-c68b2774ab0a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason Molerats Dec 2020](https://app.tidalcyber.com/references/81a10a4b-c66f-4526-882c-184436807e1d)] 
","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"90bc946d-90ec-49ec-919f-1474128ee171","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"9bffdaff-a9dc-59fa-9899-9d987fa190dd","name":"Moneybird","type":"malware","source":"MITRE","software_attack_id":"S1137","tidal_id":"9bffdaff-a9dc-59fa-9899-9d987fa190dd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Moneybird](https://app.tidalcyber.com/software/9bffdaff-a9dc-59fa-9899-9d987fa190dd) is associated with ransomware operations launched by [Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a).[[CheckPoint Agrius 2023](https://app.tidalcyber.com/references/b3034b5d-1fe5-5677-a2e8-9329141875d4)]","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3229b171-77d4-48ff-88ba-6ea0a42ac328","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"7f5355b3-e819-4c82-a0fa-b80fda8fd6e6","name":"Mongall","type":"malware","source":"MITRE","software_attack_id":"S1026","tidal_id":"3705b3a8-a414-505a-83f4-1324c3aaeb37","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SentinelOne Aoqin Dragon June 2022](https://app.tidalcyber.com/references/b4e792e0-b1fa-4639-98b1-233aaec53594)]","group_attack_id":"G1007","group_id":"454402a3-0503-45bf-b2e0-177fa2e2d412","name":"Aoqin Dragon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0eaaaf3b-5a01-4c51-a4bf-b921d9267ee8","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"7d7905f9-22cf-4b30-bb8f-5b5da52d1036","name":"Monti Ransomware","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3170","tidal_id":"b9475183-8ee2-5804-87af-3918b2ab1563","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c476b8fe-e05c-4c64-8ce8-75c1baff2f19","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"13a8ed39-3497-4d09-a661-6d7a291bc03b","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"0ae9b4aa-93f4-4124-9275-bdfbc11b6dd1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"695f13fc-c10f-4fd1-994e-9fe20af6a17e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a699f32f-6596-4060-8fcd-42587a844b80","name":"MoonWind","type":"malware","source":"MITRE","software_attack_id":"S0149","tidal_id":"8d1dc8d0-32cb-5e6d-855f-85538aafed08","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"a556e5cb-2381-4346-a002-8b0ba07d34fa","name":"MOPSLED","type":"malware","source":"Trellix TIG","software_attack_id":"S3445","tidal_id":"afb7e00c-474f-5ccf-a1f8-9012f2a14a0c","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"237ccf95-e9db-4c40-bff0-87bf0d3b92c9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"69f202e7-4bc9-4f4f-943f-330c053ae977","name":"More_eggs","type":"malware","source":"MITRE","software_attack_id":"S0284","tidal_id":"07763048-24c7-5c70-aa54-55b9ddadfbb5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4577117f-d47d-4867-bfc0-15f1835d571b","name":"Terra Loader","description":"[[Security Intelligence More Eggs Aug 
2019](https://app.tidalcyber.com/references/f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3)][[Visa FIN6 Feb 2019](https://app.tidalcyber.com/references/9e9e8811-1d8e-4400-8688-e634f859c4e0)]","source":"MITRE","associated_software_id":"8e995f3c-8e8d-4f7e-b91c-9c9d02ae1448","owner_id":null,"owner_name":null},{"id":"fae5b21a-80f3-4ba5-a5c6-ff5c047ef62d","name":"SKID","description":"[[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]","source":"MITRE","associated_software_id":"d2877108-0856-4969-8eb5-421cd2d7acf8","owner_id":null,"owner_name":null},{"id":"04730daa-f110-4c35-8a36-745ea17e000f","name":"SpicyOmelette","description":"[[Security Intelligence More Eggs Aug 2019](https://app.tidalcyber.com/references/f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3)]","source":"MITRE","associated_software_id":"96f03902-3d1b-49cf-a0df-8add8434f012","owner_id":null,"owner_name":null}],"groups":[{"description":"[[ESET EvilNum July 2020](https://app.tidalcyber.com/references/6851b3f9-0239-40fc-ba44-34a775e9bd4e)]","group_attack_id":"G0120","group_id":"4bdc62c9-af6a-4377-8431-58a6f39235dd","name":"Evilnum","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Talos Cobalt Group July 2018](https://app.tidalcyber.com/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)][[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Security Intelligence More Eggs Aug 2019](https://app.tidalcyber.com/references/f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3)][[Visa FIN6 Feb 
2019](https://app.tidalcyber.com/references/9e9e8811-1d8e-4400-8688-e634f859c4e0)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3a373269-0e16-41ea-b566-2cbfa3fa6d1b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"385e1eaf-9ba8-4381-981a-3c7af718a77d","name":"Mori","type":"malware","source":"MITRE","software_attack_id":"S1047","tidal_id":"f64c5bf4-6e30-5b27-aab8-f85b3812725d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[DHS CISA AA22-055A MuddyWater February 2022](https://app.tidalcyber.com/references/e76570e1-43ab-4819-80bc-895ede67a205)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9ce0637d-4925-4bfb-b61a-07cd4de5ca55","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c3939dad-d728-4ddb-804e-cf1e3743a55d","name":"Mosquito","type":"malware","source":"MITRE","software_attack_id":"S0256","tidal_id":"4e717308-8894-5874-af35-270c45cbbda3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Turla Mosquito Jan 2018](https://app.tidalcyber.com/references/cd177c2e-ef22-47be-9926-61e25fd5f33b)][[ESET Turla Mosquito May 2018](https://app.tidalcyber.com/references/d683b8a2-7f90-4ae3-b763-c25fd701dbf6)][[Secureworks IRON HUNTER Profile](https://app.tidalcyber.com/references/af5cb7da-61e0-49dc-8132-c019ce5ea6d3)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5f9400c8-35e9-4dd2-9369-02e31b5bbdaf","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"06772736-c60f-4526-a8e2-1554a8050831","name":"mount 
(Unix)","type":"tool","source":"Trellix TIG","software_attack_id":"S3407","tidal_id":"34c7f089-a368-5cce-9637-9895a4e410eb","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"ec54a1e4-92d4-4503-a510-a18989f1f8f3","name":"MpCmdRun","type":"tool","source":"Tidal Cyber","software_attack_id":"S3245","tidal_id":"e9d50148-25cb-56b1-a353-41d7ae1e8a5d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ed767e80-c2bc-4e9a-8977-c918db11259f","name":"MpCmdRun.exe","description":"[[MpCmdRun.exe - LOLBAS Project](/references/2082d5ca-474f-4130-b275-c1ac5e30064c)]","source":"Tidal Cyber","associated_software_id":"78bdf160-7b3c-4832-a3fc-1caa419309c7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"11ab5df5-39c8-4f6d-b98d-fbde2044e0fd","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d7191684-e206-49d4-8e91-46013a93a29b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"730cb8cb-3663-424b-b335-ea93533e8106","name":"mrAgent","type":"malware","source":"Trellix TIG","software_attack_id":"S3467","tidal_id":"63d33965-4eda-5dd9-a245-454536930444","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"f6304e51-130f-4cb5-8dc0-d4c270b8f54f","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"c3b1f336-b77b-4bfb-b1d6-de4a9016e621","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"5808cc2e-fefc-422e-9b1b-8226b398bb76","name":"MSAccess","type":"tool","source":"Tidal Cyber","software_attack_id":"S3481","tidal_id":"66e29556-8396-5e79-b175-3a15b3eebadb","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"aba0cd63-6d69-4b6f-ab62-45878b9c10f0","name":"MSAccess.exe","description":"[[MSAccess.exe - LOLBAS Project](/references/2796b750-4801-4a36-b67a-00cde283fb7c)]","source":"Tidal Cyber","associated_software_id":"03430a9e-830f-444e-b884-8062b90c7e1a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"49eab26b-bcb3-403d-a848-bc3ae350aae7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"17a86f52-86b7-411e-b8c8-3f402b1adb70","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"1f500e4c-25a1-4570-a3ba-5c9cd463afde","name":"Msbuild","type":"tool","source":"Tidal Cyber","software_attack_id":"S3246","tidal_id":"1caf5a8a-e73f-5f24-8ee3-bca0b6965001","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"43ae4958-8850-4fef-8f6a-b7a22355953a","name":"Msbuild.exe","description":"[[LOLBAS Msbuild](/references/de8e0741-255b-4c41-ba50-248ac5acc325)]","source":"Tidal Cyber","associated_software_id":"7e97093f-629d-4de9-8c28-3adc429e3abb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"335ffbb3-8dac-4e03-9f36-31c47b90cf20","tag":"dfda978e-e0a0-4e1a-85c7-d9ab2cd7ccc5"},{"id":"f617c1ab-dea8-4b7d-994a-ecee76b983c3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d4bd60e4-3d0a-479b-87c4-d9137de18f6d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"90c6cc43-d9dd-436c-b7ee-ede979765bdf","name":"Msconfig","type":"tool","source":"Tidal Cyber","software_attack_id":"S3247","tidal_id":"b5826798-b2c5-5729-ab1f-69e28fa1ddf0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1673ec41-a2e1-46eb-8c02-d71278ae5a48","name":"Msconfig.exe","description":"[[Msconfig.exe - LOLBAS Project](/references/a073d2fc-d20d-4a52-944e-85ff89f04978)]","source":"Tidal Cyber","associated_software_id":"98ecedd7-7044-41c6-b9df-5b8c88b41713","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"15db0845-5e60-4cf5-8a79-b244942ef7df","tag":"7e20fe4e-6883-457d-81f9-b4010e739f89"},{"id":"17051748-cc16-49b7-b3b7-a427de00c930","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"316c19d4-4e74-44fd-85ae-bc196ad1691d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"175b32ed-bea6-491c-8aac-d088f642a6e1","name":"Msdeploy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3347","tidal_id":"48f7f103-4e9b-506f-9fe6-3cfdd34fa104","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b2d9ba67-d1e9-476a-9181-59102704fc7d","name":"Msdeploy.exe","description":"[[Msdeploy.exe - LOLBAS Project](/references/e563af9a-5e49-4612-a52b-31f22f76193c)]","source":"Tidal 
Cyber","associated_software_id":"69a34cf5-5e76-48b5-b1c0-9ab895dbd9f9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"32c2552b-67f9-465a-90c3-f6602c01f847","tag":"11452158-b8d2-4a33-952a-8896f961a2f5"},{"id":"dbedd674-c6d9-46a3-aa05-b86c89e353c0","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1ef31ee5-144e-465d-94fd-f261b74a4def","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"bc39280c-da92-4e78-ab37-7c54ff72a1ba","name":"Msdt","type":"tool","source":"Tidal Cyber","software_attack_id":"S3248","tidal_id":"a25d16e5-aacc-5994-903b-cdb33812c946","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2cbee2c8-3dbd-44ed-8617-a53eeca4740a","name":"Msdt.exe","description":"[[Msdt.exe - LOLBAS Project](/references/3eb1750c-a2f2-4d68-b060-ceb32f44f5fe)]","source":"Tidal Cyber","associated_software_id":"19e717f8-ecab-48e6-83c0-90d8d20e875d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e49f1921-8378-4273-a7e5-b1bfa183fae3","tag":"8c30b46b-3651-4ccd-9d91-34fe89bc6843"},{"id":"0f3d2349-0b48-4200-9b1c-6707a962fd38","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ff226ba9-c725-4406-87bb-ab7a37abbb80","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d64d75ba-1722-4a39-ab7f-d46c5d5815ec","name":"Msedge","type":"tool","source":"Tidal Cyber","software_attack_id":"S3249","tidal_id":"f97d604e-1b1c-5ecd-a8ea-bbe96e334d0b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a9eff8ce-1b3a-4987-bcee-55ce2d140332","name":"Msedge.exe","description":"[[Msedge.exe - LOLBAS Project](/references/6169c12e-9753-4e48-8213-aff95b0f6a95)]","source":"Tidal 
Cyber","associated_software_id":"79b9559f-79c5-4e40-85a9-6238400bb523","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"fe2164c0-f282-4518-840c-72cdbb91fc33","tag":"51006447-540b-4b9d-bdba-1cbff8038ae9"},{"id":"3255070b-7924-46f3-b478-bc970714a6fa","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"4e018e19-7697-46f4-b439-cdcea4632d7b","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"a9ead87e-9d68-497d-a6ee-b3fdb0a3a822","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"46119118-94c0-4d89-a95a-9008e7f8c643","tag":"5bd3af6b-cb96-4d96-9576-26521dd76513"},{"id":"c14b38c8-9e48-4d57-bc2a-a1321e8c5473","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8d1f7043-7a5e-4361-bdf8-c1e3486a9f93","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e098413e-1d54-4d1f-bf63-1443b57bcc2f","name":"msedge_proxy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3303","tidal_id":"e0cc9648-e6be-5086-9966-ec32ee133638","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8c5556da-165d-459a-ac74-e29656433aba","name":"msedge_proxy.exe","description":"[[msedge_proxy.exe - LOLBAS Project](/references/a6fd4727-e22f-4157-9a5f-1217cb876b32)]","source":"Tidal Cyber","associated_software_id":"51e2b302-2fa7-42c4-a559-6a77d987d48b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c61fb577-b437-484a-aa1c-511a0a793df8","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f779f308-db3d-4e5e-8674-7ed1d8edf903","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ac6d4ab8-f34c-4b00-a943-cc2749b28a05","name":"msedgewebview2","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3304","tidal_id":"5294af32-b5f0-58ed-b662-470283a132b2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8f151647-4a07-4e05-bb26-aee282b58d2e","name":"msedgewebview2.exe","description":"[[msedgewebview2.exe - LOLBAS Project](/references/8125ece7-10d1-4e79-8ea1-724fe46a3c97)]","source":"Tidal Cyber","associated_software_id":"0a528d20-d553-4d8d-a63c-14a0bcbd442f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a5cf2377-d763-45a6-80a9-187c6484b865","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"894b04ce-a52f-41df-8148-ea2486b681ee","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f552a5a4-49dd-4ba6-9916-e631df4d4457","name":"Mshta","type":"tool","source":"Tidal Cyber","software_attack_id":"S3250","tidal_id":"a554bb88-d2e8-5da1-9000-b665727a155c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"469c9511-dc04-477d-a05b-538bb8767e7d","name":"Mshta.exe","description":"[[LOLBAS Mshta](/references/915a4aef-800e-4c68-ad39-df67c3dbaf75)]","source":"Tidal Cyber","associated_software_id":"061ab2c8-f37a-4a57-95b4-9cc05d00f7e2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[MalwareBytes SideCopy Dec 2021](/references/466569a7-1ef8-4824-bd9c-d25301184ea4)]","group_attack_id":"G1008","group_id":"31bc763e-623f-4870-9780-86e43d732594","name":"SideCopy","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[EST Kimsuky April 2019](/references/8e52db6b-5ac3-448a-93f6-96a21787a346)][[CISA AA20-301A Kimsuky](/references/685aa213-7902-46fb-b90a-64be5c851f73)][[Crowdstrike GTR2020 Mar 2020](/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)][[KISA Operation 
Muzabi](/references/8742ac96-a316-4264-9d3d-265784483f1a)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason Oceanlotus May 2017](/references/1ef3025b-d4a9-49aa-b744-2dbea10a0abf)][[Cybereason Cobalt Kitty 2017](/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye MuddyWater Mar 2018](/references/82cddfa6-9463-49bb-8bdc-0c7d6b0e1472)][[Securelist MuddyWater Oct 2018](/references/d968546b-5b00-4a7b-9bff-57dfedd0125f)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec Shuckworm January 2022](/references/3abb9cfb-8927-4447-b904-6ed071787bef)]","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye FIN7 April 2017](/references/6ee27fdb-1753-4fdf-af72-3295b072ff10)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rewterz Sidewinder APT April 2020](/references/e1cecdab-d6d1-47c6-a942-3f3329e5d98d)][[Rewterz Sidewinder COVID-19 June 2020](/references/cdd779f1-30c2-40be-a500-332920f0e21c)]","group_attack_id":"G0121","group_id":"44f8bd4e-a357-4a76-b031-b7455a305ef0","name":"Sidewinder","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"[[Secureworks BRONZE PRESIDENT December 2019](/references/019889e0-a2ce-476f-9a31-2fc394de2821)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Confucius APT Feb 2018](/references/d1d5a708-75cb-4d41-b2a3-d035a14ac956)]","group_attack_id":"G0142","group_id":"d0f29889-7a9c-44d8-abdc-480b371f7b2b","name":"Confucius","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET T3 Threat Report 2021](/references/34a23b22-2d39-47cc-a1e9-47f7f490dcbd)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 TA551 Jan 2021](/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)]","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[MalwareBytes LazyScripter Feb 2021](/references/078837a7-82cd-4e26-9135-43b612e911fe)]","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Lazarus APT January 2022](/references/fbd96014-16c3-4ad6-bb3f-f92d15efce13)][[Qualys LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro EarthLusca 
2022](/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c82dfa58-1eda-456e-bd8b-7258eec45016","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"da51c334-4b65-4d85-8b80-9e23741708b8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"a634648f-9584-4f65-8d33-840684b523b7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"11e68053-be02-4495-9e0e-81354a7a3d7f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"355f5575-4ee2-4fc2-9d2e-8ea855d4a405","tag":"fe0e2dd3-962e-41a3-9850-cea146b1301f"},{"id":"bc33e19b-15ff-4b26-a5e5-4dc9743cd77f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c7bb8025-3d4a-4827-aedd-b984ff339a8c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f94674b9-f924-4452-8516-49657ed40032","name":"Mshtml","type":"tool","source":"Tidal Cyber","software_attack_id":"S3313","tidal_id":"83bc569e-2470-5f80-9b3f-f3b0288e49ad","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7e9c81fc-f32f-4619-8f83-03200a7d98d3","name":"Mshtml.dll","description":"[[Mshtml.dll - LOLBAS Project](/references/1a135e0b-5a79-4a4c-bc70-fd8f3f84e1f0)]","source":"Tidal 
Cyber","associated_software_id":"1a75f478-ea4b-4beb-a2d0-7b51e7368cb6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"62b3c01e-a1a3-42b1-9c26-ca1fbc4c36d4","tag":"46338353-52ee-4f8d-9f18-f1b32644dd76"},{"id":"33aa6ab6-eed8-4517-a0fc-c9bea506bc94","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"66504062-3e66-44a3-a3f4-89b7351d90e4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9d00d3c4-9a01-403a-9275-c94960fd871f","name":"Msiexec","type":"tool","source":"Tidal Cyber","software_attack_id":"S3251","tidal_id":"56566d9b-c6a9-5ea5-acc2-9f6815f6c0ec","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6ce4d3a9-99fc-4c45-8e0e-cf6ac1e8ffdb","name":"Msiexec.exe","description":"[[LOLBAS Msiexec](/references/996cc7ea-0729-4c51-b9c3-b201ec32e984)]","source":"Tidal Cyber","associated_software_id":"925dfacc-a078-4d5e-bddb-fd5e4e204b71","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[360 Machete Sep 2020](/references/682c843d-1bb8-4f30-9d2e-35e8d41b1976)]","group_attack_id":"G0095","group_id":"a3be79a2-3d4f-4697-a8a1-83f0884220af","name":"Machete","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Zscaler APT31 Covid-19 October 2020](/references/1647c9a6-e475-4a9a-a202-0133dbeef9a0)]","group_attack_id":"G0128","group_id":"5e34409e-2f55-4384-b519-80747d02394c","name":"ZIRCONIUM","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason TA505 April 2019](/references/076f2b95-97d2-4d50-bb9b-6199c161e5c6)][[Deep Instinct TA505 Apr 2019](/references/529524c0-123b-459c-bc6f-62aa45c228d1)][[Trend Micro TA505 June 
2019](/references/e664a0c7-154f-449e-904d-335be1b72b29)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit42 Molerat Mar 2020](/references/328f1c87-c9dc-42d8-bb33-a17ad4d7f57e)]","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rancor Unit42 June 2018](/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9a8434a7-e7b5-4c86-b5c7-f1e74a391632","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"84d6122c-5822-47ef-8d01-a9a58a865c75","tag":"fc2bbc6f-da5c-4afd-ae27-2fadf77c3bc4"},{"id":"042fb18d-21db-4f4f-ab76-70c368b7e7a8","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"769a0d45-a1d2-45b4-9e04-67414b977a9e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d316ab94-0420-4356-a3bb-f92f42a4247c","name":"MsoHtmEd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3348","tidal_id":"4007072d-fbac-54b4-a24e-955eb0004326","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"20fc41e3-9d53-441a-b245-95445f534531","name":"MsoHtmEd.exe","description":"[[MsoHtmEd.exe - LOLBAS Project](/references/c39fdefa-4c54-48a9-8357-ffe4dca2a2f4)]","source":"Tidal 
Cyber","associated_software_id":"fc985102-ca75-491e-8eac-ba8ce06670e2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8c82e7f8-5935-480d-92e0-7602a2639be0","tag":"874c053b-d6b8-42c2-accc-cd256bb4d350"},{"id":"dee35149-b868-444d-96ff-f99c007f1faa","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"18555fae-37a0-4fc8-b340-2e4e7502a711","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c07f48ee-4667-4dd3-aa8e-cb6d588c547c","name":"Mspub","type":"tool","source":"Tidal Cyber","software_attack_id":"S3349","tidal_id":"1da472f3-c5aa-5f45-95f2-a0500b67453e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4f6e6932-0d33-48b1-a3e1-d84e3c5fd279","name":"Mspub.exe","description":"[[Mspub.exe - LOLBAS Project](/references/41eff63a-fef0-4b4b-86f7-0908150fcfcf)]","source":"Tidal Cyber","associated_software_id":"b36cdee2-05cb-44fb-853d-299e0a90165e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"562b5d48-0db2-4f94-a972-6006127e5a94","tag":"a523dcb0-9181-4170-a113-126df84594ca"},{"id":"3db1d2ab-8af6-4444-a20d-e0ecccd8a108","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"41149230-f06d-49b3-b64e-075f79c6ead5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"8cccbfed-3f78-45fd-b5d1-efe884d28f09","name":"msxsl","type":"tool","source":"Tidal Cyber","software_attack_id":"S3350","tidal_id":"4adfa5b1-319a-5b65-83ae-bc91f5efeda7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"02d62b59-e68d-4bbc-af64-302507b16897","name":"msxsl.exe","description":"[[msxsl.exe - LOLBAS Project](/references/4e1ed0a8-60d0-45e2-9592-573b904811f8)]","source":"Tidal 
Cyber","associated_software_id":"9ccccfe2-f653-42f7-9e36-3158781f4e2a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Talos Cobalt Group July 2018](/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1916de45-3e4f-4ff8-b8aa-b65c42d462c1","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"749c06ac-964f-42a8-b259-7559fe25570d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b5f46c32-b316-5d9c-8dc1-a53df5487493","name":"MultiLayer Wiper","type":"malware","source":"MITRE","software_attack_id":"S1135","tidal_id":"b5f46c32-b316-5d9c-8dc1-a53df5487493","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[MultiLayer Wiper](https://app.tidalcyber.com/software/b5f46c32-b316-5d9c-8dc1-a53df5487493) is associated with wiping operations linked to [Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a).[[Unit42 Agrius 2023](https://app.tidalcyber.com/references/70fb43bd-f8e1-56a5-a0e9-884e85f16b10)]","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7c227ed6-1d0c-4750-8afc-540bd795b94f","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"768111f9-0948-474b-82a6-cd5455079513","name":"MURKYTOP","type":"malware","source":"MITRE","software_attack_id":"S0233","tidal_id":"09188f67-8951-54c0-8d3c-7cd4fe200b5b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye Periscope March 
2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)][[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f1398367-a0af-4a89-b240-50cae4985ed9","name":"Mythic","type":"tool","source":"MITRE","software_attack_id":"S0699","tidal_id":"80750479-9891-559f-9953-bf1949b474e2","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"ef410a8f-40a9-4f09-8738-9fcfdf107922","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"47e2aed7-c0c2-4bba-b5b8-483d33b9b915","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"8e554575-de78-4191-9971-c80614a4891a","name":"N-able","type":"tool","source":"Tidal Cyber","software_attack_id":"S3446","tidal_id":"15b11c83-6591-5c16-88b5-91077c764b1c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e515e9bc-5f68-4004-9732-2b6329a66e6a","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"7704e639-4bf7-45b0-9ca5-94d9ed3c6b99","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"c4a7c985-617b-4ea2-bf13-7fc5b64308b1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5346edf4-2b51-4c80-81fc-ae8fd6913666","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"9ae2eaf2-2b0a-480d-b9e5-03fdbef0cc48","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5cfd6135-c53b-4234-a17e-759494b2101f","name":"Naid","type":"malware","source":"MITRE","software_attack_id":"S0205","tidal_id":"a02762ef-72bc-5f31-aa53-4138878a685a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8cc2f8ea-7657-446b-ba02-838df0868ced","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"0e28dfc9-8948-4c08-b7d8-9e80e19cc464","name":"NanHaiShu","type":"malware","source":"MITRE","software_attack_id":"S0228","tidal_id":"cc26165c-8a79-5f17-9ce0-694c8bebedeb","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint Leviathan Oct 2017](https://app.tidalcyber.com/references/f8c2b67b-c097-4b48-8d95-266a45b7dd4d)][[CISA AA21-200A APT40 July 
2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"db05dbaa-eb3a-4303-b37e-18d67e7e85a1","name":"NanoCore","type":"malware","source":"MITRE","software_attack_id":"S0336","tidal_id":"c5b2405f-dca3-5152-b21a-3416058bf1f6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 Gorgon Group Aug 2018](https://app.tidalcyber.com/references/d0605185-3f8d-4846-a718-15572714e15b)]","group_attack_id":"G0078","group_id":"efb3b5ac-cd86-44a2-9de1-02e4612b8cc2","name":"Gorgon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Citizen Lab Group5](https://app.tidalcyber.com/references/ffbec5e8-947a-4363-b7e1-812dfd79935a)]","group_attack_id":"G0043","group_id":"fcc6d937-8cd6-4f2c-adb8-48caedbde70a","name":"Group5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit42 SilverTerrier 2018](https://app.tidalcyber.com/references/59630d6e-d034-4788-b418-a72bafefe54e)]","group_attack_id":"G0083","group_id":"e47ae2a7-d34d-4528-ba67-c9c07daa91ba","name":"SilverTerrier","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT33 Webinar Sept 
2017](https://app.tidalcyber.com/references/9b378592-5737-403d-8a07-27077f5b2d61)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d03feade-c243-43ec-a967-ffeff0cb6e92","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"df2fd3bd-b1f1-4cb3-8c91-935f930beb93","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"a814fd1d-8c2c-41b3-bb3a-30c4318c74c0","name":"NativeZone","type":"malware","source":"MITRE","software_attack_id":"S0637","tidal_id":"3a370aad-eee2-5207-beb8-ea686df334b5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SentinelOne NobleBaron June 2021](https://app.tidalcyber.com/references/98cf2bb0-f36c-45af-8d47-bf26aca3bb09)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0d888470-4333-4c39-9465-34e8d3d41889","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"b410d30c-4db6-4239-950e-9b0e0521f0d2","name":"NavRAT","type":"malware","source":"MITRE","software_attack_id":"S0247","tidal_id":"1c958fff-ab88-57e9-b27d-02dca9ade1f4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Talos NavRAT May 
2018](https://app.tidalcyber.com/references/f644ac27-a923-489b-944e-1ba89c609307)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"cada27a4-1bf1-4fce-8963-3c095db67a2b","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"950f13e6-3ae3-411e-a2b2-4ba1afe6cb76","name":"NBTscan","type":"tool","source":"MITRE","software_attack_id":"S0590","tidal_id":"a99a3864-7837-5364-a5b8-5fb55c1c4942","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Secureworks BRONZE PRESIDENT December 2019](https://app.tidalcyber.com/references/019889e0-a2ce-476f-9a31-2fc394de2821)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)][[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec Waterbug Jun 2019](https://app.tidalcyber.com/references/ddd5c2c9-7126-4b89-b415-dc651a2ccc0e)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)][[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt 
Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)][[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [NBTscan](https://app.tidalcyber.com/software/950f13e6-3ae3-411e-a2b2-4ba1afe6cb76) during operations.[[Symantec Bilbug 2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ESET BackdoorDiplomacy Jun 2021](https://app.tidalcyber.com/references/127d4b10-8d61-4bdf-b5b9-7d86bbc065b6)]","group_attack_id":"G0135","group_id":"e5b0da2b-12bc-4113-9459-9c51329c9ae0","name":"BackdoorDiplomacy","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) used [NBTscan](https://app.tidalcyber.com/software/950f13e6-3ae3-411e-a2b2-4ba1afe6cb76) to scan victim networks for 
existing and accessible hosts.[[Unit42 Agrius 2023](https://app.tidalcyber.com/references/70fb43bd-f8e1-56a5-a0e9-884e85f16b10)]","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro Tonto Team October 2020](https://app.tidalcyber.com/references/140e6b01-6b98-4f82-9455-0c84b3856b86)]","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0d61aa4c-a7bf-4b00-866d-d61b2f649a43","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"be819678-c4f0-4cd0-b349-636f14bfc066","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"81c2fc9b-8c2c-40f6-a327-dcdd64b70a7e","name":"nbtstat","type":"tool","source":"MITRE","software_attack_id":"S0102","tidal_id":"403f828d-8a3e-599d-a363-5e19e8ba7a96","platforms":[],"associated_software":[],"groups":[{"description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6d42e6c5-3056-4ff1-8d5d-a736807ec84c","name":"NDiskMonitor","type":"malware","source":"MITRE","software_attack_id":"S0272","tidal_id":"9d2636c4-0d21-59ad-a2b4-a40c6a9120e0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro Patchwork Dec 
2017](https://app.tidalcyber.com/references/15465b26-99e1-4956-8c81-cda3388169b8)]","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"38510bab-aece-4d7b-b621-7594c2c4fe14","name":"Nebulae","type":"malware","source":"MITRE","software_attack_id":"S0630","tidal_id":"f817af74-f79d-5510-a404-2ec9a6216024","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Bitdefender Naikon April 2021](https://app.tidalcyber.com/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8662e29e-5766-4311-894e-5ca52515ccbe","name":"Neoichor","type":"malware","source":"MITRE","software_attack_id":"S0691","tidal_id":"27925361-ffb5-5a5f-add8-98d353754114","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft NICKEL December 
2021](https://app.tidalcyber.com/references/29a46bb3-f514-4554-ad9c-35f9a5ad9870)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3819adac-ac37-423c-826a-2f667f302624","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"33939793-a1d5-5673-8762-313d1cbe0635","name":"Neo-reGeorg","type":"malware","source":"MITRE","software_attack_id":"S1189","tidal_id":"33939793-a1d5-5673-8762-313d1cbe0635","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant-Sandworm-Ukraine-2022](https://app.tidalcyber.com/references/7ad64744-2790-54e4-97cd-e412423f6ada)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2e85341b-5e6d-4cd7-87d0-8ac147ed2c64","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"377c6f96-b553-4452-ad31-7b400d83a0b4","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"de8b18c9-ebab-4126-96a9-282fa8829877","name":"Nerex","type":"malware","source":"MITRE","software_attack_id":"S0210","tidal_id":"614f75e2-c6d5-5e6c-b2f7-a2a0cd752bda","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Elderwood Sept 
2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c9b8522f-126d-40ff-b44e-1f46098bd8cc","name":"Net","type":"tool","source":"MITRE","software_attack_id":"S0039","tidal_id":"d43d44a0-e53a-52d3-86e6-c467ae0e8a15","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"122c29f6-c5ae-4039-9a1c-9518b7478a08","name":"net.exe","description":"","source":"MITRE","associated_software_id":"ef9df548-c7c2-41fd-96f1-acdb9e8a763c","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)][[Bitdefender Naikon April 2021](https://app.tidalcyber.com/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky ToddyCat Check Logs October 2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro Akira October 5 
2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)][[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)][[Symantec Crambus OCT 2023](https://app.tidalcyber.com/references/ecfdd6e1-caa0-5611-a1f5-d96873cf2222)]\n","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT40 March 2019](https://app.tidalcyber.com/references/8a44368f-3348-4817-aca7-81bfaca5ae6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA SoreFang July 2016](https://app.tidalcyber.com/references/a87db09c-cadc-48fd-9634-8dd44bbd9009)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCC Group Chimera January 
2021](https://app.tidalcyber.com/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye APT38 Oct 2018](https://app.tidalcyber.com/references/7c916329-af56-4723-820c-ef932a6e3409)]","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CrowdStrike Ryuk January 2019](https://app.tidalcyber.com/references/df471757-2ce0-48a7-922f-a84c57704914)][[Red Canary Hospital Thwarted Ryuk October 2020](https://app.tidalcyber.com/references/ae5d4c47-54c9-4f7b-9357-88036c524217)][[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)][[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)][[DFIR Ryuk 2 Hour Speed Run November 2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)][[DFIR Ryuk in 5 Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)][[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)][[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Soft Cell June 
2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)]","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Alperovitch 2014](https://app.tidalcyber.com/references/72e19be9-35dd-4199-bc07-bd9d0c664df6)]","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Huntress INC Ransomware May 2024](https://app.tidalcyber.com/references/3ebccffe-d56d-594a-9548-740cf88a453b)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Dragos Crashoverride 
2018](https://app.tidalcyber.com/references/d14442d5-2557-4a92-9a29-b15a20752f56)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant Operation Ke3chang November 2014](https://app.tidalcyber.com/references/bb45cf96-ceae-4f46-a0f5-08cd89f699c9)][[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro BlackCat April 18 2022](/references/a04d89b1-3334-4d96-8c45-bb88f396e036)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro TA505 June 
2019](https://app.tidalcyber.com/references/e664a0c7-154f-449e-904d-335be1b72b29)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybersecurity Advisory GRU Brute Force Campaign July 2021](https://app.tidalcyber.com/references/e70f0742-5f3e-4701-a46b-4a58c0281537)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant Pulse Secure Update May 2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Dell TG-1314](https://app.tidalcyber.com/references/79fc7568-b6ff-460b-9200-56d7909ed157)]","group_attack_id":"G0028","group_id":"0f86e871-0c6c-4227-ae28-3f3696d6ae9d","name":"Threat Group-1314","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[DFIR Report APT35 ProxyShell March 2022](https://app.tidalcyber.com/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)][[DFIR Phosphorus November 2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye Know Your Enemy FIN8 Aug 2016](https://app.tidalcyber.com/references/0119687c-b46b-4b5f-a6d8-affa14258392)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[The DFIR Report April 25 
2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6c87a8ec-9fdd-4d8d-a4d0-b9bc5fae7952","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"f90cdfaa-d7ae-40e4-b0d6-1195f18ed405","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"722f0b84-a29c-42c9-8fe2-714a9a2432d5","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"5c64c7ed-97b8-4b0d-894c-41205e35b01c","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"49dbdc21-89b9-4c95-b4fd-770a4e07f4ce","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"3c0f806e-8093-4033-a927-9ad593d311a1","tag":"51006447-540b-4b9d-bdba-1cbff8038ae9"},{"id":"e432a1bb-fbb6-47c9-9e63-9e55c033c8f2","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"75c85ac9-547f-4fe2-93ec-5220119aa5ba","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"569d7096-fe81-4c94-9de1-eb14003faf55","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"b627c566-ca35-44c7-89bc-c7b4780f3848","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"a3603f68-8e2d-4578-af53-1087aeb81df5","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"4b140893-ece9-4013-b418-764b0c0cef53","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"31c5b692-6b84-47e1-a64b-0697f03f7e43","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"0559281a-4393-4ef4-b4fe-b78b2275ca57","tag":"4e7ae33d-e040-4618-bccf-3b5e4aac81ed"},{"id":"2398e9d1-75ec-45cc-aa3f-a52bf9fec727","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"cb675c1b-5bbf-4f4c-9cce-c83da64d0dc1","tag":"af5e9b
e5-b86e-47af-91dd-966a5e34a186"},{"id":"67040000-2cca-4a76-ab45-534195d6ade6","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"82d4c242-9a56-421c-80b7-a0690bd2cc9e","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2135dd60-2b57-4e08-99d4-5a8d9bcbea8a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"323f572f-15fa-499e-bd0f-d2d5916b8c81","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"947c6212-4da8-48dd-9da9-ce4b077dd759","name":"Net Crawler","type":"malware","source":"MITRE","software_attack_id":"S0056","tidal_id":"67230dd9-6d86-5e6a-ab01-add17d1dd8e7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d7d0d6a4-b821-4e97-8bab-96d16952e7f2","name":"NetC","description":"","source":"MITRE","associated_software_id":"edb7867e-195e-4a88-9198-f118a64af6b0","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Cylance Cleaver](https://app.tidalcyber.com/references/f0b45225-3ec3-406f-bd74-87f24003761b)]","group_attack_id":"G0003","group_id":"c8cc6ce8-d421-42e6-a6eb-2ea9d2d9ab07","name":"Cleaver","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"852c300d-9313-442d-9b49-9883522c3f4b","name":"NETEAGLE","type":"malware","source":"MITRE","software_attack_id":"S0034","tidal_id":"33a6b4ee-a553-5983-8048-ba3e83ac27bd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye 
APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]","group_attack_id":"G0013","group_id":"be45ff95-6c74-4000-bc39-63044673d82f","name":"APT30","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f7d7886b-c101-42be-96d6-88660ff2f52d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"803192b8-747b-4108-ae15-2d7481d39162","name":"netsh","type":"tool","source":"MITRE","software_attack_id":"S0108","tidal_id":"97e621af-4bb4-5083-9329-88cfd658f79f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"76a58587-87cf-41d3-bb5a-dd3f7dfd8b48","name":"netsh.exe","description":"","source":"MITRE","associated_software_id":"f0875544-e774-4ba7-8ed3-c9828ea69fbd","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[DFIR Report APT35 ProxyShell March 2022](https://app.tidalcyber.com/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Deep Dive Solorigate January 2021](/references/ddd70eef-ab94-45a9-af43-c396c9e3fbc6)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Trend Micro Play Playbook September 06 2022](/references/2d2b527d-25b0-4b58-9ae6-c87060b64069)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Group-IB Anunak](https://app.tidalcyber.com/references/fd254ecc-a076-4b9f-97f2-acb73c6a1695)]","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Volt Typhoon May 2023](https://app.tidalcyber.com/references/8b74f0b7-9719-598c-b3ee-61d734393e6f)][[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt 
Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)]","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Novetta Blockbuster Loaders](https://app.tidalcyber.com/references/5d3e2f36-3833-4203-9884-c3ff806da286)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c084e68d-aad3-4769-9f9d-b8f9ebff3ad2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"efe61b2f-1131-4e09-8e17-5537b449c6b4","tag":"064dc489-6b50-4cc1-bb9b-fe722f21aaf1"},{"id":"ed262b10-011b-4e3e-b209-7540bbfded9a","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"6dc09af0-bdbf-4699-b034-688a2e3aad62","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"e7f6d71d-2603-4863-aa86-db20481d1e53","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"e54b1777-669f-40d3-978a-ad40f9150f4d","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"83a7bc43-a26a-4ad9-908c-ac274c3fd5b1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"7d79af62-d13d-4e22-b4d1-b272b660985e","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5b2ddc42-29fb-44e4-9cbd-7e14cf020494","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"d63e62d3-356f-4fdf-b65b-3648d0b2f922","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"132fb908-9f13-4bcf-aa64-74cbc72f5491","name":"netstat","type":"tool","source":"MITRE","software_attack_id":"S0104","tidal_id":"d3e7d35d-446a-52a3-a17f-f9f865afe5d3","platforms":[],"associated_software":[],"groups":[{"description":"[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)][[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)][[Symantec Crambus OCT 2023](https://app.tidalcyber.com/references/ecfdd6e1-caa0-5611-a1f5-d96873cf2222)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky ToddyCat Check Logs October 
2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant Operation Ke3chang November 2014](https://app.tidalcyber.com/references/bb45cf96-ceae-4f46-a0f5-08cd89f699c9)][[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky 
Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant Pulse Secure Update May 2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"b012a59a-3d0d-44db-b29b-446acea0bbeb","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"fd154b87-fa23-4aca-b3a0-dc9ec15971e3","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"2a9b27ce-71c2-40a2-9b49-5128ba7ea86c","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"f70884ea-5b5e-418d-8f9d-15ea4dd6b08a","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"3c19b306-3213-4dea-8631-666d34d03a12","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"8bea1940-95a2-4790-b006-10cc158e11b3","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"082fa9cd-ad32-43b2-9580-5219bf2888df","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b4abc274-fa24-4428-b865-9d0c4d2feaae","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"96ecdb59-b047-4557-b2a7-c9712e8c903b","name":"NetSupport","type":"tool","source":"Tidal Cyber","software_attack_id":"S3135","tidal_id":"b9c67e4f-9439-542b-914e-390d7f32233c","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fc1953ae-21a9-4947-9ede-7b918d6eb890","name":"NetSupport RAT","description":"","source":"Tidal Cyber","associated_software_id":"d3851fe9-6ab9-43f3-b7c1-3d2e731165e8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"8095475c-18d3-429d-90a0-55e1952ebc07","name":"NetSupport Manager","description":"","source":"Tidal Cyber","associated_software_id":"f27f2e84-6546-44a5-8012-e05d6bdf5eb4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Red Canary June 26 2024](/references/e0d62504-6fec-4d95-9f4a-e0dda7e7b6d9)]","group_attack_id":"G3056","group_id":"54a13c54-a1d5-46e9-b155-56d981a5ad8f","name":"Scarlet Goldfinch","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Proofpoint TA547 April 10 2024](/references/c1fab1dd-bec1-4637-9d50-8317247dc82b)]","group_attack_id":"G3059","group_id":"ac3426c4-6d7e-4e99-9546-266fb7fd8c44","name":"TA547","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d9812566-01e8-4e9e-afb8-79d1b0e552bb","tag":"6307a146-7a64-41a7-b765-8ea935027895"},{"id":"0ecf8e28-8894-4594-9561-40a60e8bbd53","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c195e5b6-0c02-46cb-953e-6e479422eb30","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"95907b44-cc39-4099-bd1d-8ad7e767229f","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"0ecf0c66-7c13-4209-999d-91bc980e8bb6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"43f17cc2-2485-40c5-ae6f-6759ea681be9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1b8f9cf9-db8f-437d-800e-5ddd090fe30d","name":"NetTraveler","type":"malware","source":"MITRE","software_attack_id":"S0033","tidal_id":"1bdc891a-9414-5bb3-b4c1-a09a40377d52","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA459 April 2017](https://app.tidalcyber.com/references/dabad6df-1e31-4c16-9217-e079f2493b02)]","group_attack_id":"G0062","group_id":"e343c1f1-458c-467b-bc4a-c1b97b2127e3","name":"TA459","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5a01e698-72bb-4e92-8c83-d74cba4a612a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5b4b395f-f61a-4bd6-94c1-fb45ed3cd13d","name":"Netwalker","type":"malware","source":"MITRE","software_attack_id":"S0457","tidal_id":"80f0a163-4640-562a-8f06-df57e58e875f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"84ef87a0-6ce9-4fcc-b96a-26bcfdabc057","name":"Mailto","description":"","source":"Tidal Cyber","associated_software_id":"ebe1fe56-5d87-444f-bf06-76d18f19b788","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"ade8e593-d88a-45b7-8fce-7f9f2ce23511","name":"Koko Ransomware","description":"","source":"Tidal 
Cyber","associated_software_id":"4ff19645-f405-4bc2-847b-13409fce15cf","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ef732b53-d053-4c64-8810-f35d5505b595","tag":"24f88c63-2917-4895-b0ea-e3a5556b85c1"},{"id":"8df1a09b-6170-4b69-b861-d50dadc77624","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"6f93fdb4-d31e-43e6-9bb0-78ca5c5d07dc","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"0b2188b3-9939-457c-a17c-b15c10f5efe7","tag":"242bc007-5ac5-4d96-8638-699a06d06d24"},{"id":"439cfb09-221e-4431-8912-ce755a48235e","tag":"e554bd60-5de3-4162-9ed3-66073ae9d6b3"},{"id":"14adc9a1-48bc-4189-b1aa-95207e312ed3","tag":"0e948c57-6c10-4576-ad27-9832cc2af3a1"},{"id":"a54cb5a5-4d05-46c3-8327-264ba73e0659","tag":"3d90eed2-862d-4f61-8c8f-0b8da3e45af0"},{"id":"31b400df-d113-4275-9555-6e6932799d5b","tag":"2743d495-7728-4a75-9e5f-b64854039792"},{"id":"6495c430-3387-4704-b73c-f393a894b00a","tag":"4fb4824e-1995-4c65-8c71-e818c0aa1086"},{"id":"b3c61d95-3f40-47d8-9352-658590016899","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"62e267d1-8d13-41c0-887d-942cf19ad37f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"c7d0e881-80a1-49ea-9c1f-b6e53cf399a8","name":"NETWIRE","type":"malware","source":"MITRE","software_attack_id":"S0198","tidal_id":"671df562-51d0-50d2-a910-c76813a9b0bf","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)][[FireEye NETWIRE March 
2019](https://app.tidalcyber.com/references/404d4f7e-62de-4483-9320-a90fb255e783)]\n","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cylance Shaheen Nov 2018](https://app.tidalcyber.com/references/57802e46-e12c-4230-8d1c-08854a0de06a)]","group_attack_id":"G0089","group_id":"830079fe-9824-405b-93e0-c28592155c49","name":"The White Company","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit42 SilverTerrier 2018](https://app.tidalcyber.com/references/59630d6e-d034-4788-b418-a72bafefe54e)]","group_attack_id":"G0083","group_id":"e47ae2a7-d34d-4528-ba67-c9c07daa91ba","name":"SilverTerrier","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT33 Sept 2017](https://app.tidalcyber.com/references/70610469-db0d-45ab-a790-6e56309a39ec)][[FireEye APT33 Webinar Sept 2017](https://app.tidalcyber.com/references/9b378592-5737-403d-8a07-27077f5b2d61)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b8a6fb95-e260-4f9a-9671-3c4048fe8811","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"36445950-9f53-499f-a3c3-3b32f9d1716e","tag":"6c6c0125-9631-4c2c-90ab-cfef374d5198"}],"owner_name":null},{"id":"56018455-7644-4e59-845a-986f55efcad4","name":"Network Scanner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3118","tidal_id":"1e29e055-bdb1-50c5-a820-6d83ba3b68f8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b3878754-3dc6-4f51-9c5f-a214768a425d","name":"NS.exe","description":"","source":"Tidal Cyber","associated_software_id":"63740335-2ae1-4285-b0ea-aa3bd1e5725f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Talos Phobos November 17 
2023](/references/c049d198-efd0-40e2-a675-cf099b8211b3)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9921ae00-0636-42c4-a205-4e8c03c77434","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a174c802-4794-4647-8b25-a1fa699d5d6c","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"8c39cb37-018d-44ed-9ddb-9f9feef33a42","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2b76bf2d-d379-43ba-82e1-3cb6cb44b0f3","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"8f1e741a-d6b8-46c3-98e6-391b08e0259a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"4f5bded1-97bd-4f97-82f7-1df5d4e6bbda","name":"nex","type":"tool","source":"Trellix TIG","software_attack_id":"S3472","tidal_id":"6e67297a-282c-5cb6-be47-698aa4125c12","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"aa3b4aa9-f944-44ba-a032-b63dda78951c","name":"Ngen","type":"tool","source":"Tidal Cyber","software_attack_id":"S3477","tidal_id":"e9c21961-2ff3-508b-a91f-1ae68c82815d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ad852a33-3de5-482c-b8cc-db4f21fe9240","name":"Ngen.exe","description":"[[Ngen.exe - LOLBAS Project](/references/98e9f234-6ea9-4e2a-8828-2e6e6916d7f1)]","source":"Tidal 
Cyber","associated_software_id":"0ef602e9-60cd-4936-a3e4-10a3eeede100","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4858036d-d4af-48be-be8b-fb1b8cb441fb","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"87b73bc7-f7af-41d7-8157-a5545dc885a4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"48b161fe-3ae1-5551-9f26-d6f2d6b5afb9","name":"NGLite","type":"malware","source":"MITRE","software_attack_id":"S1106","tidal_id":"56b3ad52-01e5-52fb-9c40-59716de4a645","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"316ecd9d-ac0b-58c7-8083-5d9214c770f6","name":"ngrok","type":"tool","source":"MITRE","software_attack_id":"S0508","tidal_id":"2087798d-a5f7-5920-a6c0-abd01a00ebc6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CSRB LAPSUS$ July 24 2023](/references/f8311977-303c-4d05-a7f4-25b3ae36318b)]","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) used [ngrok](https://app.tidalcyber.com/software/316ecd9d-ac0b-58c7-8083-5d9214c770f6) during intrusions against Ukrainian victims.[[Cadet Blizzard emerges as novel threat actor](https://app.tidalcyber.com/references/7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CrowdStrike PIONEER KITTEN August 2020](https://app.tidalcyber.com/references/4fce29cc-ddab-4b96-b295-83c282a87564)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Daixin Team October 2022](/references/cbf5ecfb-de79-41cc-8250-01790ff6e89b)]","group_attack_id":"G3007","group_id":"07bdadce-905e-4337-898a-13e88cfb5a61","name":"Daixin Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[BianLian Ransomware Gang Gives It a Go! | [redacted]](/references/fc1aa979-7dbc-4fff-a8d1-b35a3b2bec3d)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) has used [ngrok](https://app.tidalcyber.com/software/316ecd9d-ac0b-58c7-8083-5d9214c770f6) to create secure tunnels to remote web servers.[[CISA Scattered Spider Advisory November 2023](https://app.tidalcyber.com/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro Earth Simnavaz October 2024](https://app.tidalcyber.com/references/aff9097b-43ea-50aa-88ed-62b98f2d58ce)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"775414b6-72fe-4f67-ae29-2c4954da1482","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"e10a4ec9-2e27-482f-90cb-a6b6cec7e8da","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"78eb57a1-8c78-412e-bd40-4b38e21f2c70","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"b840813d-6917-46bc-808c-0ba58f6a492c","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c805e791-e2ee-4703-ab5b-e3dbaa8e8616","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ede21e23-0e96-402e-a694-89b7f92ffb5c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"6f78a195-bb0c-4e7c-bb6b-d643ce80e0bf","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"0657faea-6051-4c20-acde-b671585bf7a4","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"a688cb44-946a-4d98-b110-794df00caeb8","tag":"d75c1a80-0cb8-4a64-8379-10514cd44b1e"},{"id":"55afd745-308e-4d8a-9084-8c0e982a677c","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"17528a6a-db48-48db-a910-2532639c0756","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"08991e84-18c9-4651-a6e8-730fbb1c7c76","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"eb86067d-80b4-45a5-a4cc-e52561dc27b6","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"02f750bc-ab10-4e5e-a3dd-7250834dd9bf","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"18aa5e44-3dd8-4fad-8ecc-104a120daeb0","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"7813bae2-eeef-4154-b047-d597e6006bde","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2dee4ddb-0673-45cc-8043-e09c23a9e221","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"98b223ca-b7f9-5ed2-8348-3a4caaced031","name":"NICECURL","type":"malware","source":"MITRE","software_at
tack_id":"S1192","tidal_id":"98b223ca-b7f9-5ed2-8348-3a4caaced031","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT42-untangling](https://app.tidalcyber.com/references/64b19eab-8190-5e22-89a0-f7555f9f7fa2)]","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bdf0a860-8035-4bad-b8c8-58104ed5112f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9d3fd630-1ba8-4d14-907f-f3bdc5a13fa3","name":"NICECURL (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3148","tidal_id":"9139295e-fa4c-5729-bb43-31d5eafca64c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant Uncharmed May 1 2024](/references/84c0313a-bea1-44a7-9396-8e12437852d1)]","group_attack_id":"G3050","group_id":"ce126445-6984-45bb-9737-35448f06f27b","name":"APT42 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"dcb30f45-cdb3-4579-9e18-39dd38b83448","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"e7257b68-c77f-4051-a637-9ec3b1f6d66f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a613610f-5649-4245-906b-f85ec961f1fd","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3ae9acd7-39f8-45c6-b557-c7d9a40eed2c","name":"Nidiran","type":"malware","source":"MITRE","software_attack_id":"S0118","tidal_id":"85b689b7-c820-5f0f-bad4-2b00a2c23e61","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6a4dcb7d-9358-4331-a127-d0dc5c15260b","name":"Backdoor.Nidiran","description":"","source":"MITRE","associated_software_id":"69d00742-0a78-44e9-ae0e-98d09f52d81d","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Symantec Suckfly March 2016](https://app.tidalcyber.com/references/8711c175-e405-4cb0-8c86-8aaa471e5573)][[Symantec Suckfly May 2016](https://app.tidalcyber.com/references/59fd16cd-426f-472d-a5df-e7c1484a6481)]","group_attack_id":"G0039","group_id":"06549082-ff70-43bf-985e-88c695c7113c","name":"Suckfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b1963876-dbdc-5beb-ace3-acb6d7705543","name":"NightClub","type":"malware","source":"MITRE","software_attack_id":"S1090","tidal_id":"e6a8ea44-3f35-5288-be14-8fdf91317b61","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MoustachedBouncer ESET August 
2023](https://app.tidalcyber.com/references/9070f14b-5d5e-5f6d-bcac-628478e01242)]","group_attack_id":"G1019","group_id":"f31df12e-66ea-5a49-87bc-2bc1756a89fc","name":"MoustachedBouncer","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"858084e7-41ba-53f8-b530-0286bf4ea764","name":"Nightdoor","type":"malware","source":"MITRE","software_attack_id":"S1147","tidal_id":"858084e7-41ba-53f8-b530-0286bf4ea764","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) uses [Nightdoor](https://app.tidalcyber.com/software/858084e7-41ba-53f8-b530-0286bf4ea764) as a backdoor mechanism for Windows hosts.[[ESET EvasivePanda 2024](https://app.tidalcyber.com/references/07e6b866-7119-50ad-8a6e-80c4e0d594bf)][[Symantec Daggerfly 2024](https://app.tidalcyber.com/references/1dadd09e-e7b0-50a1-ba3d-413780dbeb80)]","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0ff47c3d-440a-4e17-8d18-4eb3c6f5fb31","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"2dd26ff0-22d6-591b-9054-78e84fa3e05c","name":"Ninja","type":"malware","source":"MITRE","software_attack_id":"S1100","tidal_id":"70b0765f-c04f-5ed9-a80a-fbe332e745d9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky ToddyCat June 2022](https://app.tidalcyber.com/references/285c038b-e5fc-57ef-9a98-d9e24c52e2cf)]","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"72373c4f-32f9-4780-84c7-458eece354f2","name":"NinjaRMM","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3394","tidal_id":"26a4a30b-1087-5579-a6a7-8d28dae1391a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"99b3b266-64cc-4245-a356-584df6c36ede","name":"NinjaOne","description":"","source":"Tidal Cyber","associated_software_id":"2fcd8339-381b-4ade-b1ae-ebe35861165c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a16a64d3-a3f2-4c20-bca5-efed0b1082b2","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"b2d6b691-be36-41b2-88eb-6af9934d8424","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"efa5fff4-f6db-4719-91c7-97dbe93099a8","name":"NirSoft","type":"tool","source":"Tidal Cyber","software_attack_id":"S3112","tidal_id":"70c68043-f7c3-5166-846f-2534eca1f76a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"885d2912-b6e0-42ab-9b6a-7fe79821fd3b","name":"PassView","description":"","source":"Tidal Cyber","associated_software_id":"ae37cbee-ca58-4b1c-8ea4-eaf4857fcc5e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"af54513a-f262-456d-b76e-020a23f0e3d3","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"2e76fbb6-a360-4823-a3e8-87677b275381","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ebf291e7-6963-40cb-89eb-b0d33bbf0df0","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"80e0a199-0279-4c00-8bbb-7a79f0d79272","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"0f89b191-2c35-47da-808f-8af628e0a6fd","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"afb0061f-505c-4107-a3a4-f4dff9630adc","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"18e058fb-e3c5-4fc0-983d-2493d2a6015d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"82996f6f-0575-45cd-8f7c-ba1b063d5b9f","name":"njRAT","type":"malware","source":"MITRE","software_attack_id":"S0385","tidal_id":"6c404eec-d99d-53ab-ab1e-95fe5c52813f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9ee2bbd7-0b0b-4dbe-a49c-12a69c564560","name":"Njw0rm","description":"Some sources have discussed Njw0rm as a later 
variant of [njRAT](https://app.tidalcyber.com/software/82996f6f-0575-45cd-8f7c-ba1b063d5b9f), where Njw0rm adds the ability to spread via removable devices such as USB drives.[[FireEye Njw0rm Aug 2013](https://app.tidalcyber.com/references/062c31b1-7c1e-487f-8340-11f4b3faabc4)] Other sources contain that functionality in their description of [njRAT](https://app.tidalcyber.com/software/82996f6f-0575-45cd-8f7c-ba1b063d5b9f) itself.[[Fidelis njRAT June 2013](https://app.tidalcyber.com/references/6c985470-a923-48fd-82c9-9128b6d59bcb)][[Trend Micro njRAT 2018](https://app.tidalcyber.com/references/d8e7b428-84dd-4d96-b3f3-70e7ed7f8271)]","source":"MITRE","associated_software_id":"f6269ef2-ec83-41f6-9c86-4d507070c7d7","owner_id":null,"owner_name":null},{"id":"c79396f7-6018-401e-9410-9ffffc6d219d","name":"LV","description":"[[Fidelis njRAT June 2013](https://app.tidalcyber.com/references/6c985470-a923-48fd-82c9-9128b6d59bcb)]","source":"MITRE","associated_software_id":"abeccf73-8340-44ca-93eb-4fbd98050cb6","owner_id":null,"owner_name":null},{"id":"629eccba-abc2-42c1-90fd-d47334ccc1fa","name":"Bladabindi","description":"[[Fidelis njRAT June 2013](https://app.tidalcyber.com/references/6c985470-a923-48fd-82c9-9128b6d59bcb)][[Trend Micro njRAT 2018](https://app.tidalcyber.com/references/d8e7b428-84dd-4d96-b3f3-70e7ed7f8271)]","source":"MITRE","associated_software_id":"77fe7b25-a1a1-488f-b0af-08e6e1508301","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit 42 Gorgon Group Aug 2018](https://app.tidalcyber.com/references/d0605185-3f8d-4846-a718-15572714e15b)]","group_attack_id":"G0078","group_id":"efb3b5ac-cd86-44a2-9de1-02e4612b8cc2","name":"Gorgon 
Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)][[Cisco Operation Layover September 2021](https://app.tidalcyber.com/references/f19b4bd5-99f9-54c0-bffe-cc9c052aea12)]","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CrowdStrike AQUATIC PANDA December 2021](https://app.tidalcyber.com/references/fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2)]","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Citizen Lab Group5](https://app.tidalcyber.com/references/ffbec5e8-947a-4363-b7e1-812dfd79935a)]","group_attack_id":"G0043","group_id":"fcc6d937-8cd6-4f2c-adb8-48caedbde70a","name":"Group5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Proofpoint Operation Transparent Tribe March 2016](https://app.tidalcyber.com/references/8e39d0da-114f-4ae6-8130-ca1380077d6a)]","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Check Point Research Blind Eagle March 10 2025](/references/4a9b874a-8ed3-476d-8da2-d59e081c4b40)]","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"55d21b50-e048-43c1-bab9-882d3ee01da9","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"b0c87fc0-35a2-44c1-abff-8a5f09df25d4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e26988e0-e755-54a4-8234-e8f961266d82","name":"NKAbuse","type":"malware","source":"MITRE","software_attack_id":"S1107","tidal_id":"e21d4982-65e8-5376-9810-95ee7af31579","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"ea88cc5c-741e-4784-b76b-900264f821ff","tag":"62bde669-3020-4682-be68-36c83b2588a4"}],"owner_name":null},{"id":"fbb1546a-f288-4e43-9e5c-14c94423c4f6","name":"Nltest","type":"tool","source":"MITRE","software_attack_id":"S0359","tidal_id":"1759ca0c-6b3e-5ff6-9841-74c2855ad078","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)][[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)][[DFIR Ryuk 2 Hour Speed Run November 2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)][[DFIR Ryuk in 5 Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)][[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)][[Red Canary Hospital Thwarted Ryuk October 2020](https://app.tidalcyber.com/references/ae5d4c47-54c9-4f7b-9357-88036c524217)][[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Huntress INC Ransom Group August 2023](https://app.tidalcyber.com/references/d315547d-26e3-5130-a794-658eecf1e0df)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC 
Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Bitdefender FIN8 July 2021](https://app.tidalcyber.com/references/aee3179e-1536-40ab-9965-1c10bdaa6dff)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c6b216ef-d7fa-44e3-bf31-8dfcd141d5fe","tag":"51006447-540b-4b9d-bdba-1cbff8038ae9"},{"id":"e48bbde8-804f-434d-a164-07984d87c3a2","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"de266ea9-c61d-41ab-9207-a03aa76688bc","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"a751f5df-600f-4745-9cf1-4e8cda36a71d","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"b28692cc-f523-4d5d-8b0c-30b6efe98d75","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"8b244384-c5a0-411c-95cf-516529f3208d","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"e6aa580b-a05c-4369-96cb-5c0d690409bf","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"0901aee8-a2e3-46a9-817c-1fbd35dcb98a","tag":"24f6ba0e-9230-4410-a9fb-b0f3b55de326"},{"id":"5bbc14c4-7f3a-4889-97fb-f95541711c20","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"211d1ba2-f6d8-4953-adb0-42d0988b74b2","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"d563560d-0c22-4751-bf13-0d2b09a6eed2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"042e61cf-a8e1-42ec-8974-a3b2e2037c08","name":"Nmap","type":"tool","source":"Tidal Cyber","software_attack_id":"S3074","tidal_id":"ddca8f08-3dda-59f8-b1af-076e2fe5b371","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ef864bc2-81b9-476a-a65a-3da4e87c366b","name":"nmap.exe","description":"","source":"Tidal Cyber","associated_software_id":"b1dc73c7-6591-430b-9802-5b66758f787c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Unit 29155 September 5 2024](/references/9631a46d-3e0a-4f25-962b-0b2501c47926)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA AA20-259A Iran-Based Actor September 2020](/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky ThreatNeedle Feb 2021](/references/ba6a5fcc-9391-42c0-8b90-57b729525f41)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Group IB Silence Sept 2018](/references/10d41d2e-44be-41a7-84c1-b8f39689cb93)]","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA APT40 July 8 2024](/references/3bf90a48-caf6-4b9d-adc2-3d1176f49ffc)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"f6b3fa13-2418-4a14-81f5-857ce20c6051","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"0a71366c-e76b-423e-9ee7-5b7e47128c2e","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"799357df-2ea0-416e-8a9b-5ac7d3e8c62d","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"d5a0f167-eaba-4ac7-bd3e-7456fdf2dee3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"d15bb198-71cc-47b0-ad9a-3eb933653dc8","tag":"96d58ca1-ab18-4e53-8891-d8ba62a47e5d"},{"id":"cd29df6b-956f-43a8-865b-3682d80c03f9","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"48f96f2b-b3b9-477c-a830-d5e09879df4e","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"b04221bc-79d5-468f-a317-2352061d6fb8","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"6e2edb56-e298-4517-869c-8064b97cc814","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"86e92638-0267-4b99-b983-1a3b852090ad","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"ac613be5-fc6c-46f6-96ad-40d0629bf70f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"b55e4087-8f15-4306-a06a-f6854d27d3e0","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"e581063f-cb81-4a11-bf1c-0954c47e61e8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"524ee04d-65c7-47a4-b782-05f738a65a80","tag":"6ff40d11-214a-434b-b137-993e4ff5e34e"},{"id":"5dbc4ccf-b55d-4034-8bd3-3cfda2bd0585","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2596d975-0d71-4d51-8e91-d3f8ba9c65e6","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"31aa0433-
fb6b-4290-8af5-a0d0c6c18548","name":"NOKKI","type":"malware","source":"MITRE","software_attack_id":"S0353","tidal_id":"1c414a9c-4094-5d52-a6f7-4e4903c7bda0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"dc814d7e-7a5e-4498-b55f-c04e88d13537","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"2538e0fe-1290-4ae1-aef9-e55d83c9eb23","name":"NotPetya","type":"malware","source":"MITRE","software_attack_id":"S0368","tidal_id":"03c04de0-9ec7-5602-ade7-0b87eb1e6722","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6309a91c-96ef-4993-8189-6fe613df2f3c","name":"Diskcoder.C","description":"[[ESET Telebots June 2017](https://app.tidalcyber.com/references/eb5c2951-b149-4e40-bc5f-b2630213eb8b)]","source":"MITRE","associated_software_id":"f9b55f54-e33d-4df3-987e-fc10919f9a4d","owner_id":null,"owner_name":null},{"id":"8744cf46-0c4c-4ff4-aa56-a3e215f33b42","name":"Petrwrap","description":"[[Talos Nyetya June 2017](https://app.tidalcyber.com/references/c76e806c-b0e3-4ab9-ba6d-68a9f731f127)][[ESET Telebots June 2017](https://app.tidalcyber.com/references/eb5c2951-b149-4e40-bc5f-b2630213eb8b)]","source":"MITRE","associated_software_id":"cfd041ef-c3f4-4a5e-92dc-4fd9b627983f","owner_id":null,"owner_name":null},{"id":"a83fbd63-c2eb-4c8e-9f57-8d35ab2f8867","name":"ExPetr","description":"[[ESET Telebots June 
2017](https://app.tidalcyber.com/references/eb5c2951-b149-4e40-bc5f-b2630213eb8b)]","source":"MITRE","associated_software_id":"544d9871-b68a-4bb1-99a4-c56777ce208e","owner_id":null,"owner_name":null},{"id":"190a400c-3de7-4725-805f-1516a57c84d8","name":"GoldenEye","description":"[[Talos Nyetya June 2017](https://app.tidalcyber.com/references/c76e806c-b0e3-4ab9-ba6d-68a9f731f127)]","source":"MITRE","associated_software_id":"2f3dc4fc-1f8c-40e2-a241-9edd349e24d6","owner_id":null,"owner_name":null},{"id":"edd91a94-94d5-4bb7-9fc3-dbb34ea38f16","name":"Nyetya","description":"[[Talos Nyetya June 2017](https://app.tidalcyber.com/references/c76e806c-b0e3-4ab9-ba6d-68a9f731f127)]","source":"MITRE","associated_software_id":"2b7f9965-810d-4018-905d-8530af166fb6","owner_id":null,"owner_name":null}],"groups":[{"description":"[[NCSC Sandworm Feb 2020](https://app.tidalcyber.com/references/d876d037-9d24-44af-b8f0-5c1555632b91)][[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)][[UK NCSC Olympic Attacks October 2020](https://app.tidalcyber.com/references/93053f1b-917c-4573-ba20-99fcaa16a2dd)][[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)][[Trend Micro Cyclops Blink March 2022](https://app.tidalcyber.com/references/64e9a24f-f386-4774-9874-063e0ebfb8e1)][[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"fdd0b5a0-eee5-4fdb-a9b3-bc1b008945a7","tag":"88cd6603-5b4e-4d0c-9097-051d3a90cb80"},{"id":"f569b5cb-4935-42c6-848c-416d5416afab","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"0f859f3b-934d-412b-b8ab-d9ec2ea3c572","tag":"09de661e-60c4-43fb-bfef-df017215d1d8"},{"id":"c34fd1a8-6eff-4cac-9df9-ce5d78c0a67a","tag":"5a463cb3-451d-47f7-93e4-1886150697ce"},{"id":"bd80ace3-a8df-41dc-8d35-476943537e75","tag":"c2380542-36f2-4922-9ed2-80ced06645c9"},{"id":"c91f1618-78af-4b9e-a384-795b550e193f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"f59e74d1-8368-406b-b55a-30a6d6d9b304","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"d1817595-9186-4749-aeab-26c774c1885d","name":"Npcap","type":"tool","source":"Tidal Cyber","software_attack_id":"S3075","tidal_id":"37b5e8d6-7fca-50b0-89a9-0b4a3fee0c95","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"398de5c7-6134-4602-9bff-5a5c02e307e4","name":"npcap.exe","description":"","source":"Tidal Cyber","associated_software_id":"ed19a544-699c-43c2-a3bb-4503b220354f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0a285eef-ca6d-4027-b859-6520b37219f3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5228c345-be89-4373-9f89-d5717449da64","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"d28ac865-35d2-5522-8454-d0f2178b3078","name":"NPPSPY","type":"tool","source":"MITRE","software_attack_id":"S1131","tidal_id":"d28ac865-35d2-5522-8454-d0f2178b3078","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"38ea87b8-5bec-4082-a14b-590b905ae1ca","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":null},{"id":"9af571bb-f3c7-434b-8187-3e4ceb0ec6fc","name":"Ntdsutil","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3057","tidal_id":"71660b05-a225-5fa3-8776-d4c02290b7b6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"62444fc5-9c72-4a6c-b1ae-90bc0b63bf0a","name":"ntdsutil.exe","description":"","source":"Tidal Cyber","associated_software_id":"39494b87-38c0-4b84-89c9-3bcd45f3bc3f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Microsoft Prestige ransomware October 2022](/references/b57e1181-461b-5ada-a739-873ede1ec079)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybersecurity Advisory GRU Brute Force Campaign July 2021](/references/e70f0742-5f3e-4701-a46b-4a58c0281537)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[MSTIC DEV-0537 Mar 2022](/references/a9ce7e34-6e7d-4681-9869-8e8f2b5b0390)]","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec Cicada November 2020](/references/28a7bbd8-d664-4234-9311-2befe0238b5b)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"74629ccd-ae30-4fd4-ae46-2a3e8f1a7534","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"da0727c4-47d2-4548-b84e-3e5bb2597c12","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"5b897642-a5f0-4bf0-9cf4-0254875dba82","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"0abe1c88-6541-4d76-832c-2bdd5fa64de4","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"baa5c8cb-4804-437c-a24c-12b96aaad734","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"02dfd3a2-2f09-4c42-86eb-7f0bfeea6c64","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"8d81282c-6acb-4674-8021-e52d19326c59","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"77ad15c7-b1fc-4ba0-b6eb-eab03306859a","tag":"1da5eb1e-7ac5-4284-99cb-ce227cad8983"},{"id":"186a004b-54d0-4e15-9e44-99c2f7281c8f","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"25221501-b8a9-4ce6-b594-db22bd838c48","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"16186700-ca2f-4e6d-9474-3eed8e56456b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d4606e52-ab3d-4185-873f-4013afb2fb68","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"05ddfce4-966f-41f7-b6f9-e94bdfd4cad3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"70d8a1b9-f7ec-43ba-96e5-2777aa31f24e","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"e2922414-dcb4-4ae8-82c3-081e492b5057","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"4fdf121
9-df4e-4066-9015-0893483229dd","name":"Nuitka","type":"tool","source":"Trellix TIG","software_attack_id":"S3410","tidal_id":"82c078a2-dda8-5655-ad59-6ce61d18ecb8","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"97e8148c-e146-444c-9de5-6e2fdbda2f9f","name":"ObliqueRAT","type":"malware","source":"MITRE","software_attack_id":"S0644","tidal_id":"3cf503b9-4b54-5d16-af4e-f761dbdc74ac","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Talos Oblique RAT March 2021](https://app.tidalcyber.com/references/20e13efb-4ca1-43b2-83a6-c852e03333d7)][[Cisco Talos Transparent Tribe Education Campaign July 2022](https://app.tidalcyber.com/references/acb10fb6-608f-44d3-9faf-7e577b0e2786)]","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5c1aa0cc-cb10-4cbb-b234-bffb52656d9d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f1723994-058b-4525-8e11-2f0c80d8f3a4","name":"OceanSalt","type":"malware","source":"MITRE","software_attack_id":"S0346","tidal_id":"86f1271b-33e6-54a8-a533-52331def0ba1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"8f04e609-8773-4529-b247-d32f530cc453","name":"Octopus","type":"malware","source":"MITRE","software_attack_id":"S0340","tidal_id":"17f660d1-61ad-568a-8e39-1734bd0c3e7a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Security Affairs DustSquad Oct 
2018](https://app.tidalcyber.com/references/0e6b019c-cf8e-40a7-9e7c-6a7dc5309dc6)][[Securelist Octopus Oct 2018](https://app.tidalcyber.com/references/77407057-53f1-4fde-bc74-00f73d417f7d)][[ESET Nomadic Octopus 2018](https://app.tidalcyber.com/references/50dcb3f0-1461-453a-aab9-38c2e259173f)] ","group_attack_id":"G0133","group_id":"5f8c6ee0-f302-403b-b712-f1e3df064c0c","name":"Nomadic Octopus","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"cbfbd3c1-15ec-51a2-92f8-4d71bb7dc28e","name":"ODAgent","type":"malware","source":"MITRE","software_attack_id":"S1170","tidal_id":"cbfbd3c1-15ec-51a2-92f8-4d71bb7dc28e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig Downloaders DEC 2023](https://app.tidalcyber.com/references/7f2e0dcb-43a6-59e6-bc44-d01ace24b154)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"99253cf7-4ad5-41a7-8722-571d6d21f61d","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"5adf778a-9175-4054-a147-92d09c7e7fd0","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"0dd8fad0-9f4a-487d-b3f7-570bd2046e8a","name":"ODAgent (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3155","tidal_id":"6210bc69-40ac-5b5a-829c-e9b33e4797f4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig December 14 2023](/references/f96b74d5-ff75-47c6-a9a2-b2f43db351bc)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"6505fee8-9d34-4781-b494-416f5558b278","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"08a45eb6-5a09-40bf-921e-934ac4643d6f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"8898f4de-b392-48f7-8314-f1e4184d09b2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"07805ac7-98f8-49f7-aabc-da816024fd1a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5e434819-7f4a-440c-a9bd-7675c0218be1","name":"Odbcconf","type":"tool","source":"Tidal Cyber","software_attack_id":"S3253","tidal_id":"31cb0807-b428-5319-a1e7-2bdcb438f713","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"32c878f9-f44c-48e6-bf26-b2da2a287c76","name":"Odbcconf.exe","description":"[[LOLBAS Odbcconf](/references/febcaaec-b535-4347-a4c7-b3284b251897)]","source":"Tidal Cyber","associated_software_id":"b227bbff-8291-4e0d-950d-93785e4058ee","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[TrendMicro Cobalt Group Nov 2017](/references/81847e06-fea0-4d90-8a9e-5bc99a2bf3f0)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9e742294-9065-40d7-b111-4f1cabfea7d1","tag":"64825d12-3cd6-4446-a93c-ff7d8ec13dc8"},{"id":"d89b04e8-2a87-4836-9231-dd54901bd444","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"bf3ac405-3dcf-4619-9f4b-1971dadfd93d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"8bc7c62a-110d-451b-9ca6-bc48a13e72d4","name":"OfflineScannerShell","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3254","tidal_id":"35f15591-f690-5eb2-aed0-d4fe89db80d4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ea846251-ed63-43b6-a37b-871179b84bce","name":"OfflineScannerShell.exe","description":"[[OfflineScannerShell.exe - LOLBAS Project](/references/8194442f-4f86-438e-bd0c-f4cbda0264b8)]","source":"Tidal Cyber","associated_software_id":"bc428876-7d48-4a33-a080-77916fc66ebc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0f2e6876-ef36-42d3-ab69-fd171cb8966e","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"730a0a6b-965b-446b-a76f-4cde057335ea","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9c16bf00-c22b-593d-8653-445722a16c5d","name":"OilBooster","type":"malware","source":"MITRE","software_attack_id":"S1172","tidal_id":"9c16bf00-c22b-593d-8653-445722a16c5d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig Downloaders DEC 2023](https://app.tidalcyber.com/references/7f2e0dcb-43a6-59e6-bc44-d01ace24b154)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d4ca16d0-602f-43e8-ad57-6bcaaeef4da0","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"d978dbe7-b910-4f9e-9963-c48f253291ba","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"01f8ef57-5c22-4dad-9300-12c0b0d63c1f","name":"OilBooster (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3153","tidal_id":"df7731f6-252d-5a26-9798-9f35ae41d20e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig December 14 
2023](/references/f96b74d5-ff75-47c6-a9a2-b2f43db351bc)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4bb0dafd-410a-4e4a-95f7-b6d51185d9d5","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"08231882-1be4-4d8f-a511-3018c969db40","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"bc57d831-4aaf-4ef2-bf68-50b065bc0ae7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"562f3fe3-bca0-416f-ab8c-46dd567b935d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"694f53b5-a54e-5bc6-b58a-0c22771ea3a6","name":"OilCheck","type":"malware","source":"MITRE","software_attack_id":"S1171","tidal_id":"694f53b5-a54e-5bc6-b58a-0c22771ea3a6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig Downloaders DEC 2023](https://app.tidalcyber.com/references/7f2e0dcb-43a6-59e6-bc44-d01ace24b154)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b194b013-410d-446c-9006-b6a57ce4c674","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"ef57450b-5643-498b-b308-7d3f0c9c5e82","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"f41dcc5a-017d-4e79-86c1-c7055bd3b513","name":"OilCheck (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3154","tidal_id":"e9f26216-08a6-501d-8710-d6244a092c16","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig December 14 
2023](/references/f96b74d5-ff75-47c6-a9a2-b2f43db351bc)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b4242d0c-3fb3-47c7-b3ee-08f023735bfc","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"c17ef057-8399-4e54-ac13-2788ac6f4537","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"a86f5b3f-861f-400e-bded-80a92e52d862","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4260a508-9a66-48ef-825f-810f6bacccd6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f9bcf0a1-f287-44ec-8f53-6859d41e041c","name":"Okrum","type":"malware","source":"MITRE","software_attack_id":"S0439","tidal_id":"03611e4d-e70e-50eb-8fea-06480bd456a5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Okrum July 2019](https://app.tidalcyber.com/references/197163a8-1a38-4edd-ba73-f44e7a329f41)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"013f068a-3b31-4003-ac84-a41fe6ef48c9","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"479814e2-2656-4ea2-9e79-fcdb818f703e","name":"OLDBAIT","type":"malware","source":"MITRE","software_attack_id":"S0138","tidal_id":"7541af4a-97ed-5e3d-9cdf-555abd8c0dba","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ec4beff7-13ea-4090-bf36-c8724774e223","name":"Sasfis","description":"","source":"MITRE","associated_software_id":"b710376a-55b9-44c5-8200-c43d2753e16a","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye 
APT28](https://app.tidalcyber.com/references/c423b2b2-25a3-4a8d-b89a-83ab07c0cd20)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"846f1c35-3dbd-4a86-8ae7-3093e09d13bd","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"073b5288-11d6-4db0-9f2c-a1816847d15c","name":"Olympic Destroyer","type":"malware","source":"MITRE","software_attack_id":"S0365","tidal_id":"f28e51f6-63e7-54e4-b039-c03ba0da952e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CrowdStrike GTR 2019](https://app.tidalcyber.com/references/d6aa917e-baee-4379-8e69-a04b9aa5192a)][[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)][[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)][[UK NCSC Olympic Attacks October 2020](https://app.tidalcyber.com/references/93053f1b-917c-4573-ba20-99fcaa16a2dd)][[Trend Micro Cyclops Blink March 2022](https://app.tidalcyber.com/references/64e9a24f-f386-4774-9874-063e0ebfb8e1)][[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7f8dcfb4-bbf8-4d89-a974-5d747eca7b70","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"49ef42bc-0958-4b61-9593-a4af69432410","name":"OneDriveStandaloneUpdater","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3255","tidal_id":"e028c75b-bec8-52b3-ad73-aa69fceabcbc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8833926e-499b-4d7a-a0b5-cbe512a958df","name":"OneDriveStandaloneUpdater.exe","description":"[[OneDriveStandaloneUpdater.exe - LOLBAS Project](/references/3d7dcd68-a7b2-438c-95bb-b7523a39c6f7)]","source":"Tidal Cyber","associated_software_id":"b893fa8c-a561-4e33-b1f5-fb2b176530df","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"acd079d9-d3bf-437c-b7d9-cf352ccf87c6","tag":"b6116080-8fbf-4e9f-9206-20b025f2cf23"},{"id":"5f3a3608-3bf9-477e-9e7a-b71dc4172df9","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"23213d66-563f-4d21-af2a-6a1a2f8024e5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6056bf36-fb45-498d-a285-5f98ae08b090","name":"OnionDuke","type":"malware","source":"MITRE","software_attack_id":"S0052","tidal_id":"a8c1bc20-3f94-5df7-b9d4-bb168ce783c2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)][[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)][[Secureworks IRON HEMLOCK 
Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"dc69ca10-72bd-43ea-88f1-b4ecaa396641","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"33efea8d-c7fe-4384-93b9-a1ea556a77da","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"4f1894d4-d085-4348-af50-dfda257a9e18","name":"OopsIE","type":"malware","source":"MITRE","software_attack_id":"S0264","tidal_id":"1b972e0d-7b66-507b-b6f6-efee796a290a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 OopsIE! Feb 2018](https://app.tidalcyber.com/references/d4c2bac0-e95c-46af-ae52-c93de3d92f19)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6b55a334-762d-4c92-a67d-73b558dea0d0","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"54030309-671d-4e4b-b9c0-619cd07f5e05","name":"OpenConsole","type":"tool","source":"Tidal Cyber","software_attack_id":"S3351","tidal_id":"ae450be2-393b-50b1-a8e3-66c879a9e7dc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"aac485ed-3b0e-4981-b734-3d4f35bd3117","name":"OpenConsole.exe","description":"[[OpenConsole.exe - LOLBAS Project](/references/e597522a-68ac-4d7e-80c4-db1c66d2da04)]","source":"Tidal 
Cyber","associated_software_id":"a3c7988f-9ac2-4f7a-ab9d-eb91e905e7a0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"163b5ffb-0d79-44c0-a978-a9667a60840d","tag":"1dd2d703-fed1-41d2-9843-7b276ef3d6f2"},{"id":"52c93210-c164-44b7-ae3f-f76eb7a82936","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"26ca2901-1342-4b8c-9403-aa7b18f0d422","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5edec691-d2f1-4928-a12d-1ff59ba959a6","name":"OpenSSH","type":"tool","source":"Tidal Cyber","software_attack_id":"S3017","tidal_id":"a6fd9131-bc9d-5fdc-8ed3-cc300ce17322","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Threat Intelligence Tweet May 18 2023](/references/b41e9f89-cd88-4483-bb86-9d88c555a648)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rapid7 Blog 5 10 
2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"59c3d436-bd87-4877-87e8-b0f85fd77695","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"2f3c74b7-ea65-42f0-9c25-2c096e3dcb3f","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"198ac6a4-69ee-4b4f-8678-e38e40916fbb","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"13d24554-1dee-4b04-9d6f-87c6dc1de394","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"81c0fc35-5716-4aa2-b7f7-6d5ed248c5a9","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"07ad9e7f-e268-47c9-b041-1758b739e677","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"408964a4-a6b6-438c-85cf-cadda6ad77a5","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"0f425bdc-9cb3-4291-83b0-f6e947900f82","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"f9312aae-1b35-4647-a4c7-5604dc024dca","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9c9b597c-6804-4919-8494-2355a085a9c7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"51a9aba5-6744-4eb9-83a2-fb5bac5d432b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ae0df40e-d8cf-42ae-9cc3-b50ea9ea6193","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"51083ce7-2db6-4367-a538-17ec72c579b1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"},{"id":"ef587c8b-f3b1-4346-b7bb-68dd2630969a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"ecdae0c5-7b4f-408a-afe9-1a16ba0781e2","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"f40f119f-2924-48cb-a6b7-55941e8fbf1d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"45a52a29-00c0-458a-b705-1040e06a43f2","name":"Orz","type":"malware","source":"MITRE","software_attack_id":"S0229","tidal_id":"3540edec-57e1-5905-8874-b680b7ee6068","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name"
:"Windows"}],"associated_software":[{"id":"c12c69fa-49ac-402f-b67c-2d9581a6d873","name":"AIRBREAK","description":"[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]","source":"MITRE","associated_software_id":"aa558e34-f3ca-443e-b067-a6a88ee46cf6","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Proofpoint Leviathan Oct 2017](https://app.tidalcyber.com/references/f8c2b67b-c097-4b48-8d95-266a45b7dd4d)][[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)][[Accenture MUDCARP March 2019](https://app.tidalcyber.com/references/811d433d-27a4-4411-8ec9-b3a173ba0033)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d8004e8e-c2c2-44cf-9197-9f3a585da2aa","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"fa1e13b8-2fb7-42e8-b630-25f0edfbca65","name":"OSInfo","type":"malware","source":"MITRE","software_attack_id":"S0165","tidal_id":"ccf3aa4b-30ee-5f64-aa1f-5bee01ce4fd0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Buckeye](https://app.tidalcyber.com/references/dbf3ce3e-bcf2-4e47-ad42-839e51967395)]","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a45904b5-0ada-4567-be4c-947146c7f574","name":"OSX_OCEANLOTUS.D","type":"malware","source":"MITRE","software_attack_id":"S0352","tidal_id":"cb931aad-9e9d-56e4-af04-18cd98cc7577","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"de23bf36-160a-42cc-9971-eb157ca839a2","name":"Backdoor.MacOS.OCEANLOTUS.F","description":"[[Trend Micro MacOS Backdoor November 
2020](https://app.tidalcyber.com/references/43726cb8-a169-4594-9323-fad65b9bae97)]","source":"MITRE","associated_software_id":"f89703da-6631-4e60-be1c-0ecbe5a6f738","owner_id":null,"owner_name":null}],"groups":[{"description":"[[TrendMicro MacOS April 2018](https://app.tidalcyber.com/references/e18ad1a7-1e7e-4aca-be9b-9ee12b41c147)][[Amnesty Intl. Ocean Lotus February 2021](https://app.tidalcyber.com/references/a54a2f68-8406-43ab-8758-07edd49dfb83)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"259f66b7-5971-4f17-8949-58fcf16c1cfd","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4d91d625-21d8-484a-b63f-0a3daa4ed434","name":"OSX/Shlayer","type":"malware","source":"MITRE","software_attack_id":"S0402","tidal_id":"78a8ada5-508b-5b05-9615-86f5aa97ef4e","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"f8142c74-2903-484a-a367-d8d93f678e00","name":"Crossrider","description":"[[Intego Shlayer Apr 2018](https://app.tidalcyber.com/references/3ca1254c-db51-4a5d-8242-ffd9e4481c22)][[Malwarebytes Crossrider Apr 2018](https://app.tidalcyber.com/references/80530288-26a3-4c3e-ace1-47510df10fbd)]","source":"MITRE","associated_software_id":"1420094e-351e-4294-b59b-52d2da2724b8","owner_id":null,"owner_name":null},{"id":"1dffb83e-06ed-4ee8-8084-f972c8bdf5f6","name":"Zshlayer","description":"[[sentinelone shlayer to zshlayer](https://app.tidalcyber.com/references/17277b12-af29-475a-bc9a-0731bbe0bae2)]","source":"MITRE","associated_software_id":"b7c33058-21b0-46df-988c-88dfab53e83a","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"5cfd9a5e-34dd-4cd3-9c52-c44b5223dbac","name":"OtterCookie","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3489","tidal_id":"6d3bf5fd-a534-5be2-9c0c-e74fdba7f754","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[NTT Security Holdings May 8 2025](/references/e42d25ec-c31d-41e4-8d86-d46a7bccd0c8)]","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"483457d6-ea3b-4c65-9530-c329aee27c04","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"db126735-59c3-4a44-a157-b3486e5f18b9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5efff2ba-e465-411a-99e8-9eb0e7a04852","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"273b1e8d-a23d-4c22-8493-80f3d6639352","name":"Out1","type":"tool","source":"MITRE","software_attack_id":"S0594","tidal_id":"a17b5526-3f9d-5de4-a902-53bf2962f9d4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro Muddy Water March 2021](https://app.tidalcyber.com/references/16b4b834-2f44-4bac-b810-f92080c41f09)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"042fe42b-f60e-45e1-b47d-a913e0677976","name":"OutSteel","type":"malware","source":"MITRE","software_attack_id":"S1017","tidal_id":"74763dcf-d09a-51f9-94e4-c9e4c4005170","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[OutSteel](https://app.tidalcyber.com/software/042fe42b-f60e-45e1-b47d-a913e0677976) is uniquely associated with [Saint 
Bear](https://app.tidalcyber.com/groups/eb64ce69-f106-5e8e-8efd-a29385a05973) as a post-exploitation document collection and exfiltration tool.[[Palo Alto Unit 42 OutSteel SaintBot February 2022 ](https://app.tidalcyber.com/references/b0632490-76be-4018-982d-4b73b3d13881)]","group_attack_id":"G1031","group_id":"eb64ce69-f106-5e8e-8efd-a29385a05973","name":"Saint Bear","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9863f875-3217-4b00-8f48-7b186e937a75","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"0c645029-ad8b-4152-a5ae-e3fd51f8ec0d","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"6d8a8510-e6f1-49a7-b3a5-bd4664937147","name":"OwaAuth","type":"malware","source":"MITRE","software_attack_id":"S0072","tidal_id":"68afd00e-5176-5dbe-ac41-d3369233bfb2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"916f8a7c-e487-4446-b6ee-c8da712a9569","name":"P2P ZeuS","type":"malware","source":"MITRE","software_attack_id":"S0016","tidal_id":"521eea88-bdf4-5263-b899-f94d48e77a6a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0be03191-fd13-4d31-b7b3-128c37e9e774","name":"Peer-to-Peer ZeuS","description":"","source":"MITRE","associated_software_id":"a9205e41-8ef6-4b3a-9477-f6b673668d11","owner_id":null,"owner_name":null},{"id":"f7872aaf-38e2-46a6-af91-805e19096d3b","name":"Gameover 
ZeuS","description":"","source":"MITRE","associated_software_id":"af301e1b-5252-41eb-8802-9c5129d40091","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"1933ad3d-3085-4b1b-82b9-ac51b440e2bf","name":"P8RAT","type":"malware","source":"MITRE","software_attack_id":"S0626","tidal_id":"142771f4-a468-502e-b707-a33766510ec9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f6ef8ff8-913c-470d-b669-a2a1aab38312","name":"HEAVYPOT","description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","source":"MITRE","associated_software_id":"42353f34-77f6-4928-ae59-e3c9518ef1ba","owner_id":null,"owner_name":null},{"id":"ed0a3867-3af0-4687-aa35-2484bd705527","name":"GreetCake","description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","source":"MITRE","associated_software_id":"d1748d73-27f8-4bf1-a8cf-fcc82cebffbc","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"13856c51-d81c-5d75-bb6a-0bbdcc857cdd","name":"PACEMAKER","type":"malware","source":"MITRE","software_attack_id":"S1109","tidal_id":"f4e154b1-f6d1-5e1e-8a30-52fb46e5cdd8","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[Mandiant Pulse Secure Zero-Day April 
2021](https://app.tidalcyber.com/references/0760480c-97be-5fc9-a6aa-f1df91a314a3)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e90eb529-1665-5fd7-a44e-695715e4081b","name":"Pacu","type":"tool","source":"MITRE","software_attack_id":"S1091","tidal_id":"ece187ab-2a4a-59ac-b7c5-f093116f4a1f","platforms":[{"id":"69826802-7b16-5c4e-92f5-72f9354e29e5","name":"GCP"},{"id":"996aa968-bd71-5b30-9b76-eaab9a19a1c8","name":"AWS"},{"id":"43852676-3efd-4800-856b-4d74903d26ba","name":"IaaS"},{"id":"6724c79a-34f2-51ed-8644-a6c106ccadd2","name":"Azure"}],"associated_software":[],"groups":[{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sysdig Scarleteel February 28 2023](/references/18931f81-51bf-44af-9573-512ccb66c238)]","group_attack_id":"G3032","group_id":"788ffbf6-1a36-481a-a504-bbcd9f907886","name":"SCARLETEEL","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"62c88c5a-1ce8-4cf1-8274-b9ad85458a95","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"4d8074cf-5e0f-466e-8f93-e63e78d735a2","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"7786ec1e-83d7-4456-8a21-afabcc3007eb","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"17b4ad2e-9ed8-4a9f-a66e-fe8e2d5f91c3","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"abc727ea-62a6-4562-9aa9-8154c64445fc","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"d85de01c-f27a-419f-b8f7-fae44b302994","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"320b0784-4f0f-46ea-99e9-c34bfcca1c2e","name":"Pandora","type":"malware","source":"MITRE","software_attack_id":"S0664","tidal_id":"5027c8c4-9197-51a5-9a33-a0ab54969553","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":" [[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)][[SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022](https://app.tidalcyber.com/references/0b275cf9-a885-58cc-b859-112090a711e3)][[Sygnia Emperor Dragonfly October 2022](https://app.tidalcyber.com/references/f9e40a71-c963-53de-9266-13f9f326c5bf)][[Dell SecureWorks BRONZE STARLIGHT Profile](https://app.tidalcyber.com/references/d2e8cd95-fcd5-58e4-859a-c4724ec94ab4)]","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat 
Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"24b8d4f4-f53e-474f-8829-386ff69c5675","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"02072754-a9fd-4f7c-a273-cba98d13183a","name":"PanicBotnet","type":"malware","source":"Tidal Cyber","software_attack_id":"S3516","tidal_id":"8a9a40be-e303-5372-9ec7-0fe5e61b55da","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Intel471 Pro-Russian Hacktivism July 2 2025](/references/eebfb4d2-883e-4456-8e3a-79627471022f)]","group_attack_id":"G3118","group_id":"3ab35de9-6daa-4a69-9f0d-76ba1624883d","name":"IT Army of Russia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9f6820e1-875b-4edb-ab74-7773515dff48","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"6c97d524-2edc-47c5-b54c-5ae6905ac392","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e3277ec2-85c1-47b4-ad4f-ab1f0bff9edc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3f018e73-d09b-4c8d-815b-8b2c8faf7055","name":"Pasam","type":"malware","source":"MITRE","software_attack_id":"S0208","tidal_id":"a3751570-76ee-5b21-a165-f93f2957dc9f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8d007d52-8898-494c-8d72-354abd93da1e","name":"Pass-The-Hash Toolkit","type":"tool","source":"MITRE","software_attack_id":"S0122","tidal_id":"21cbf6b8-a6b3-5961-907c-3e3c3026fed4","platforms":[],"associated_software":[],"groups":[{"description":"[[Mandiant 
APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e12e1de8-a0d9-4602-8264-5952106bd53c","name":"PasswordFox","type":"tool","source":"Tidal Cyber","software_attack_id":"S3039","tidal_id":"a3f604bd-41b2-50a9-adce-fbf6f98a0364","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"64a4a1d4-1ee7-46a1-8772-49e4f0880dbe","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"6cd9630e-7a0f-496f-84ea-cde37650fa08","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"3f910bc9-48be-4a01-83ce-65c8d0d98289","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"89e99fae-eac3-4844-9b77-7191d980d785","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"c1b7c2e6-d463-4e1e-beb6-5b82f85efe1e","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"f3e3bf47-59f7-48d9-9c1d-babfe7ec5294","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"fde56359-ad77-453f-a8a9-6b22a6f4eac7","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f7363d19-b15b-494c-bdab-7e3e581b9666","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"1a71b9fe-c5a1-4554-b9c9-a3aa5c14d5e5","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d745d427-222d-4580-b8cd-fd588cf84b93","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"dca3834c-57d4-425c-98ae-3eb34d65a750","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"4d79530c-2fd9-4438-a8da-74f42119695a","name":"P.A.S. 
Webshell","type":"malware","source":"MITRE","software_attack_id":"S0598","tidal_id":"61f31b9d-dd74-59a9-8023-cf3e67487418","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"36b3f358-eef6-486a-a1a3-f5847161ea83","name":"Fobushell","description":"[[NCCIC AR-17-20045 February 2017](https://app.tidalcyber.com/references/b930e838-649b-42ab-86dc-0443667276de)]","source":"MITRE","associated_software_id":"0d76d9ee-8696-42f9-9f34-52f3ad265995","owner_id":null,"owner_name":null}],"groups":[{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [P.A.S. Webshell](https://app.tidalcyber.com/software/4d79530c-2fd9-4438-a8da-74f42119695a) during intrusions.[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ANSSI Sandworm January 2021](https://app.tidalcyber.com/references/5e619fef-180a-46d4-8bf5-998860b5ad7e)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"950bdbe2-aa63-4794-9752-0e8c492c8d09","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"9aa21e50-726e-4002-8b7b-75697a03eb2b","name":"Pay2Key","type":"malware","source":"MITRE","software_attack_id":"S0556","tidal_id":"b9a6aa1f-0064-57bf-ad3b-6c9a88afc66c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ClearkSky Fox Kitten February 2020](https://app.tidalcyber.com/references/a5ad6321-897a-4adc-9cdd-034a2538e3d6)][[Check Point Pay2Key November 
2020](https://app.tidalcyber.com/references/e4ea263d-f70e-4f9c-92a1-cb0e565a5ae9)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c057795c-32a9-4910-a4b7-a8d04cb96fee","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"714bdcb2-6971-4bb4-aec4-955b17606241","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"baf91f9d-3ff7-4daa-a069-c1b79bb63ff4","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"00daafc4-8bf1-4447-b24f-1580263124f5","name":"Pcalua","type":"tool","source":"Tidal Cyber","software_attack_id":"S3256","tidal_id":"7ecb390f-d70a-5b79-af7f-0ea970f50882","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"82d71795-9826-4ab2-b6d7-37c902cc0b50","name":"Pcalua.exe","description":"[[Pcalua.exe - LOLBAS Project](/references/958064d4-7f9f-46a9-b475-93d6587ed770)]","source":"Tidal Cyber","associated_software_id":"4a3504d3-5ff3-4aa1-8894-74fabf92d922","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d4ca709c-ebfe-4090-9621-638fc1d8a614","tag":"074533ec-e14a-4dc3-98ae-c029904e3d6d"},{"id":"caac5dd8-5b59-48a6-8bff-721b484e51bd","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"11bbcb97-6dd3-4f03-8e5b-02711b4bf2f4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"873ede85-548b-5fc0-a29e-80bd5afc5bf4","name":"Pcexter","type":"malware","source":"MITRE","software_attack_id":"S1102","tidal_id":"811a3466-cc29-522d-8f40-152b13a75984","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky ToddyCat Check Logs October 
2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"591acc39-1218-4710-aadc-150ae6475ee3","name":"PCHunter","type":"tool","source":"Tidal Cyber","software_attack_id":"S3040","tidal_id":"de32363c-ab04-5214-b8da-00c5af1ad3a0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"b62cabf0-04bd-4852-86fa-9a34e346e7ea","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"bb904c9e-2b3a-4fb6-bac6-9664629380ff","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"ea53fb8b-2052-4c3d-bf2a-f22e103d788d","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"6777331e-d88d-4363-896e-ac53d12881cb","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"beadc0db-3b09-4aaa-a983-003802badc47","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"b728a521-72f2-4252-a6e9-f5d2046e6266","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ddc63a57-ac5f-4ce2-862b-785f63c84642","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"6cee8bc0-2e12-40f2-98ed-cb104413c4f8","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"88693d3d-8be6-459b-9349-762d8d2d2199","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"73135084-d3c0-4e09-9f0a-1606e5f92056","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f411b686-7945-40ee-9ed0-bb48b1b8c24c","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"c65e92c0-2b10-4210-a2a9-c2e683fb96be","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"12100253-5284-4d53-8697-6bfc99f60fa1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f899f5c9-de67-42d9-8613-7508120437e4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"71eb2211-39aa-4b89-bd51-9dcabd363149","name":"PcShare","type":"tool","source":"MITRE","software_attack_id":"S1050","tidal_id":"34387b0d-69d9-5ffd-8e0d-eeee9961c895","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Secureworks BRONZE FLEETWOOD 
Profile](https://app.tidalcyber.com/references/4fbb113c-94b4-56fd-b292-1ccf84e1c8f3)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"585f1b59-7fa1-4d45-b0c4-f87a3c9e7074","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"7babb537-ec29-425a-9108-43d1619e02b5","name":"Pcwrun","type":"tool","source":"Tidal Cyber","software_attack_id":"S3257","tidal_id":"e7e001eb-7854-51d3-acc5-e5fef3b77ebe","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"abcc649b-45a1-4c46-b6a7-8e7954e244a8","name":"Pcwrun.exe","description":"[[Pcwrun.exe - LOLBAS Project](/references/b5946ca4-1f1b-4cba-af2f-0b99d6fff8b0)]","source":"Tidal Cyber","associated_software_id":"3bc797f7-59bc-4ce6-8cf9-e533e317aaa8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dc61a965-345e-4817-b520-a432f0257dd2","tag":"62496b72-7820-4512-b3f9-188464bb8161"},{"id":"1becf3ba-630d-436f-bd6a-f900351d7819","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b56699e6-71e7-45ca-bec5-d84afda4773c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"47ba2c2c-b4f3-48dc-878f-b8cab6d97f65","name":"Pcwutl","type":"tool","source":"Tidal Cyber","software_attack_id":"S3314","tidal_id":"50335706-9593-5819-8b58-f8f870b5dba9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c59ec19a-7478-4186-9ba6-81728661f265","name":"Pcwutl.dll","description":"[[Pcwutl.dll - LOLBAS Project](/references/1050758d-20da-4c4a-83d3-40aeff3db9ca)]","source":"Tidal 
Cyber","associated_software_id":"f464e0cd-7a76-4924-9473-90f334f886ce","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8e9f61a0-1ffd-4b8a-9975-f6f18a152690","tag":"ff5c357e-6b9b-4ef3-a7ed-e5d4c0091c0c"},{"id":"d9d847a8-2966-4db5-b4f8-fc911c1a432d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"61e177ed-65fd-4066-b4e2-508fa9aef74c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3658625d-b63b-4ec7-804f-5f2e7369cbc5","name":"PDQ Deploy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3447","tidal_id":"2e087b8f-bd6a-5f9e-b8d6-4a5ba6a2fe3a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0b666907-251e-43d5-a205-9b6687031116","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a9fe3f2d-6b38-48fe-aac6-a893dbab722a","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"f48a2d1f-b498-4e22-8840-e61bb07e1af4","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"36744d5a-47ce-4446-b358-bf61df48330a","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"545d5c70-fdd6-46c3-b870-5fbb83582148","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"33e29797-390c-464e-acb4-ab0991bb2576","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"9de5451a-791a-4db5-a3ed-996f02ea821c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c9320712-1e90-4699-bf24-31d8091e22d2","name":"PDQ Inventory","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3448","tidal_id":"46639db9-c50a-540b-9079-a4b4a05155e6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"55f42ba4-2a38-47dc-8502-d1a540bbbd0e","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"bfe27e7e-abaa-4984-9e59-cb30407d01e7","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"42f697eb-1f92-4d9f-bb03-a5e3d608b78a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"8bf0cfea-250a-4f0b-a412-faea27c938d8","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"5a688360-16e4-4860-b9b1-626b41e547dd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"8e15a6a5-8bcc-4201-b010-c1b3af96a074","name":"PEAKLIGHT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3424","tidal_id":"a7713233-64fd-5c0e-8ed6-cf949cfcc1eb","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"7ad7f820-87f6-4dd7-afaa-d91c2a4933d6","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"ddaf1ee8-1306-4846-8008-d1574b0ebc5f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"872f1dbd-264d-4b18-a979-3026b33968b2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"17f9bc8e-6ceb-4345-83b9-1252804344b3","name":"PeaZip","type":"tool","source":"Tidal Cyber","software_attack_id":"S3492","tidal_id":"4974a48f-32d9-54ef-9a4f-addfe8ef8f69","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3ea325a6-05d0-48d0-956a-5d330805aeca","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"d2dabd34-68c0-4944-9e37-3cda6447dcb1","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"546b8571-bbc7-4c11-8bff-ae54fcd9ebe5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"6b8d2440-972b-405b-bd06-3745e3c9d0a5","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"2794d8ab-5422-405b-88de-0218b71433e2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c4073a03-dc39-4e03-9438-d609dcdca7d4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fd0f53e2-b7a6-48a6-9bf4-612c5bd749dc","name":"PebbleDash","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3425","tidal_id":"81bc690c-391e-5968-bcb1-67bd4790d2d4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Blogger June 1 2020](/references/13b1769f-e845-4465-8911-234d8737a617)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ASEC PebbleDash December 21 2021](/references/cd71395a-9b7f-4b38-9ca7-337f9bcf1598)][[AhnLab February 3 2025](/references/c40f03ac-5df2-44c4-975a-86e6282da359)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"94552444-3c84-476e-9f44-c7dedfe8e8e7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"8fb0a83f-868e-4dcc-b77a-d1d5e11b64a4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"29c5416e-bd02-40a4-b405-a21fbd034b86","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"52a19c73-2454-4893-8f84-8d05c37a9472","name":"Peirates","type":"tool","source":"MITRE","software_attack_id":"S0683","tidal_id":"2111679f-c9ac-5ed8-b28b-7c65dd2f1f29","platforms":[{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"}],"associated_software":[],"groups":[{"description":"[[TeamTNT Cloud Enumeration](https://app.tidalcyber.com/references/a672b74f-1f04-4d3a-84a6-1dd50e1a9951)]","group_attack_id":"G0139","group_id":"325c11be-e1ee-47db-afa6-44ac5d16f0e7","name":"TeamTNT","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Sysdig Scarleteel February 28 
2023](/references/18931f81-51bf-44af-9573-512ccb66c238)]","group_attack_id":"G3032","group_id":"788ffbf6-1a36-481a-a504-bbcd9f907886","name":"SCARLETEEL","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4c65065d-eccc-4bfc-add9-c977a873af38","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"e4c601ab-fcfb-4249-ac59-b5a0a6412c30","tag":"4fa6f8e1-b0d5-4169-8038-33e355c08bde"},{"id":"416b2fcf-5788-46e3-b832-60742fbd8ad5","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"951fad62-f636-4c01-b924-bb0ce87f5b20","name":"Penquin","type":"malware","source":"MITRE","software_attack_id":"S0587","tidal_id":"51055d89-e034-50a6-81b8-e4599d5fab6a","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"5932da92-3695-4121-8b20-d4c7df200a67","name":"Penquin 2.0","description":"[[Leonardo Turla Penquin May 2020](https://app.tidalcyber.com/references/09d8bb54-6fa5-4842-98aa-6e9656a19092)]","source":"MITRE","associated_software_id":"e7c7c852-6196-49e9-b883-ccfd5ae47aca","owner_id":null,"owner_name":null},{"id":"811dc1ed-6ce8-494c-80fa-16836aab6f42","name":"Penquin_x64","description":"[[Leonardo Turla Penquin May 2020](https://app.tidalcyber.com/references/09d8bb54-6fa5-4842-98aa-6e9656a19092)]","source":"MITRE","associated_software_id":"42c40368-672c-4118-bd35-9935208978e1","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Leonardo Turla Penquin May 
2020](https://app.tidalcyber.com/references/09d8bb54-6fa5-4842-98aa-6e9656a19092)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1f080577-c002-4b49-a342-fa70983c1d58","name":"Peppy","type":"malware","source":"MITRE","software_attack_id":"S0643","tidal_id":"cbc1e7b5-2609-55b2-bcc4-eddb55c02978","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 ProjectM March 2016](https://app.tidalcyber.com/references/adee82e6-a74a-4a91-ab5a-97847b135ca3)]","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"5028ed72-8e6b-48bd-b4f4-e42df926893d","name":"Pester","type":"tool","source":"Tidal Cyber","software_attack_id":"S3385","tidal_id":"32efc32a-ee35-5c23-a9c3-fc701aa9ed98","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"18fa1f56-f4b5-447e-ac86-26f17d9f2bd1","name":"Pester.bat","description":"[[Pester.bat - LOLBAS Project](/references/93f281f6-6fcc-474a-b222-b303ea417a18)]","source":"Tidal Cyber","associated_software_id":"3c004ca1-7436-44e9-85e4-33d55fc74f5e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e7569a31-97a9-4498-9f6a-ddde5fe37952","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2783d08f-1905-4067-b162-b02e1a2aef41","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"30ca44b9-8645-4b51-af77-58e85897f7f9","name":"Phemedrone","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3398","tidal_id":"7952a756-b424-5bce-8ad8-705fb17faa43","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"854d8703-69db-4d79-92fc-6020d6e2820e","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"a63da2d4-5750-441c-b7da-9aeaf9d72a84","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"71602d81-0812-4f77-83b0-ee58e3ea6961","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d7015696-0aa1-4c13-a0e6-b9d8e027dabf","name":"Phobos Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3119","tidal_id":"f0203b04-1657-58fa-9788-59ea5e4a127e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"3d0d0a9c-da94-4d59-8ca4-b4adfc0e290e","tag":"1d06c2ad-3f16-44e4-908c-d6a3191aa29c"},{"id":"574b0dca-74e4-4c02-a86a-d9434f996cc0","tag":"c306a190-d66a-43f0-befd-b7c3249cc8d5"},{"id":"5c438968-3471-4c95-98d7-c19d43f359da","tag":"288f845a-9683-4bd7-a7a7-b25cbf297532"},{"id":"339b052b-e07a-4e7c-bd2e-a556104b93e5","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"597c4f66-c7ef-4fc9-b951-a250f1f07be6","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"eb050de8-5a42-47f4-b856-ece9ee31ab33","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"e8097ac7-352c-4557-82c6-72d94014eb4c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"02816f9e-1209-4fff-8884-0b38d9c6eab5","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"46323054-92ca-4ceb-a47f-c22b444d126e","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"c6fc073b-fa8a-4fff-a066-3fd788d3ac85","name":"PhonyC2","type":"malware","source":"Tidal Cyber","software_attack_id":"S3086","tidal_id":"a5fbbdce-a74f-5a8e-b81a-3529a66d9325","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Deep Instinct PhonyC2 June 2023](/references/fd42ac0b-eae5-41bb-b56c-cb1c6d19857b)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"f5973107-3a54-424c-9201-aaf125243c77","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b83ef0fa-9a48-4c40-bd50-b8c326f08be5","tag":"992bdd33-4a47-495d-883a-58010a2f0efb"},{"id":"f14bf61d-691c-4239-a54e-d6caaea074eb","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"413f5e4a-f0f5-49f9-85c4-52047f6b1d50","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fd63cec1-9f72-4ed0-9926-2dbbb3d9cead","name":"PHOREAL","type":"malware","source":"MITRE","software_attack_id":"S0158","tidal_id":"77d8b94b-0769-5d6f-b3ef-0b0d2f6e6bf3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT32 May 2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"75c6b7ce-60aa-4328-9bf2-51c3000aef35","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"fb1b0624-3290-5977-abbc-bc9609b51f8d","name":"Pikabot","type":"malware","source":"MITRE","software_attack_id":"S1145","tidal_id":"fb1b0624-3290-5977-abbc-bc9609b51f8d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Latrodectus APR 2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"a84d9fa4-a0d4-4592-baff-53ec87d687eb","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"2fe4c2da-a3cc-4c61-b279-79d62c8e21d2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d0f04bc1-a270-4c4a-8636-4979e04b7582","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"db5d718b-1344-4aa2-8e6a-54e68d8adfb1","name":"Pillowmint","type":"malware","source":"MITRE","software_attack_id":"S0517","tidal_id":"8910ea0b-bffd-5e51-979c-5cac908a18f3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trustwave Pillowmint June 2020](https://app.tidalcyber.com/references/31bf381d-a0fc-4a4f-8d39-832480891685)][[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5085df3a-4800-4d89-8924-8d1974bc5a0b","tag":"6c6c0125-9631-4c2c-90ab-cfef374d5198"}],"owner_name":null},{"id":"ba2208c8-5e1e-46cd-bef1-ffa7a2be3be4","name":"PinchDuke","type":"malware","source":"MITRE","software_attack_id":"S0048","tidal_id":"33d2e44a-7f4b-53af-a8a6-83aded1ca9bc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[F-Secure The 
Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ab3ec588-19bd-4c53-a53d-3a895aef503d","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"4ea12106-c0a1-4546-bb64-a1675d9f5dc7","name":"Ping","type":"tool","source":"MITRE","software_attack_id":"S0097","tidal_id":"ba4c362d-8f51-5fba-bf12-28118b5d86f0","platforms":[],"associated_software":[],"groups":[{"description":"[[Microsoft Volt Typhoon May 2023](https://app.tidalcyber.com/references/8b74f0b7-9719-598c-b3ee-61d734393e6f)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)][[FireEye APT10 April 2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ClearSky Siamesekitten August 2021](https://app.tidalcyber.com/references/9485efce-8d54-4461-b64e-0d15e31fbf8c)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[DFIR Phosphorus November 
2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)][[Group IB APT 41 June 2021](https://app.tidalcyber.com/references/a2bf43a0-c7da-4cb9-8f9a-b34fac92b625)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)][[Bitdefender Naikon April 2021](https://app.tidalcyber.com/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Shuckworm January 2022](https://app.tidalcyber.com/references/3abb9cfb-8927-4447-b904-6ed071787bef)]","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [Ping](https://app.tidalcyber.com/software/4ea12106-c0a1-4546-bb64-a1675d9f5dc7) to verify connectivity to remote hosts.[[Symantec Bilbug 2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus 
Blossom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Alperovitch 2014](https://app.tidalcyber.com/references/72e19be9-35dd-4199-bc07-bd9d0c664df6)]","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky ToddyCat Check Logs October 2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)][[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)][[DFIR Ryuk in 5 Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Bitdefender Sardonic Aug 2021](https://app.tidalcyber.com/references/8e9d05c9-6783-5738-ac85-a444810a8074)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"966faed1-9bbf-4a10-a6d6-0f1e39e5175d","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"f655b0ae-aaa5-4ef7-8cef-70a11a761580","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"5bb653a2-7ae6-4094-95ea-359dfa56e16e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c838708c-2247-4416-a8af-232bc7453d86","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"bdbc3ef7-d184-4a14-aa50-23eaa4d591b5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"1debf242-3c91-4bdb-932c-27d61fe17474","name":"PingCastle","type":"tool","source":"Tidal Cyber","software_attack_id":"S3012","tidal_id":"4e9cc41c-0f28-5c74-b833-af10fa8e4ab9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b487c982-554b-456e-9e85-b0acc7e273af","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e829cd9a-ff25-4c4b-8a16-9bf11d28d8e8","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"2dd50cf9-86d9-4f6d-8402-157c6b2b5d51","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a6058d6f-2da3-4ecb-8912-72df0e8456f0","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a4b14e2d-7924-48bc-b9ff-499a26e77d08","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d816d380-5cc3-44cc-a9c4-d5f394c13acc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"4360cc62-7263-48b2-bd2a-a7737563545c","name":"PingPull","type":"malware","source":"MITRE","software_attack_id":"S1031","tidal_id":"9c56033d-62f5-5c61-aec8-48cd3a922e9f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 PingPull Jun 
2022](https://app.tidalcyber.com/references/ac6491ab-6ef1-4091-8a15-50e2cbafe157)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"97fa941a-825e-4274-966b-d3617088624e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"92744f7b-9f1a-472c-bae0-2d4a7ce68bb4","name":"PipeMon","type":"malware","source":"MITRE","software_attack_id":"S0501","tidal_id":"3be34b1a-4254-5c19-b1e7-d0f32af23b92","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET PipeMon May 2020](https://app.tidalcyber.com/references/cbc09411-be18-4241-be69-b718a741ed8c)]","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"14e65c5d-5164-41a3-92de-67fdd1d529d2","name":"Pisloader","type":"malware","source":"MITRE","software_attack_id":"S0124","tidal_id":"0836a923-d891-52dd-937b-a2dd336767b1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Palo Alto DNS Requests](https://app.tidalcyber.com/references/4a946c3f-ee0a-4649-8104-2bd9d90ebd49)]","group_attack_id":"G0026","group_id":"a0c31021-b281-4c41-9855-436768299fe7","name":"APT18","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"dbfd1b38-f599-4c8a-bc08-4b9e4afff105","name":"PitDog","type":"malware","source":"Trellix TIG","software_attack_id":"S3425","tidal_id":"243409d3-7ebd-5412-85a0-5b5c790233ac","platforms":[],"associated_software":[{"id":"fa1c1337-15ef-45f5-b583-30d1f1c4afac","name":"PITDOG SparkGateway plugin","description":"","source":"Trellix 
TIG","associated_software_id":"39e4541a-037d-4a46-a3b8-ade6998e465f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f23c556a-00be-49b3-97c0-9995d3e29e8d","name":"PitDog Plugin","description":"","source":"Trellix TIG","associated_software_id":"1cfb6bfb-4a6f-441a-8127-ccc8ddeabee2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"6f438a2e-bd54-4457-adea-fd09e54e95f9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"615e7a59-fcd8-4127-98ed-360f2b5341ed","name":"PitFuel","type":"malware","source":"Trellix TIG","software_attack_id":"S3447","tidal_id":"6dc39ef3-0b99-54ce-a6c1-e055be373c1d","platforms":[],"associated_software":[{"id":"44bce584-fd01-4641-ae0e-0a7ed9666d98","name":"PITFUEL SparkGateway plugin","description":"","source":"Trellix TIG","associated_software_id":"eaee58b7-d183-4289-9e35-2a15d1ee361f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"8598deb8-0490-46cc-a5d2-d93ebc08c166","name":"PitFuel Plugin","description":"","source":"Trellix TIG","associated_software_id":"2ccf6c88-225c-4723-95ee-cb985ff5f3e9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"0ed35278-4a85-4ec7-9b54-3bcf51f46fba","name":"PitHook","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3397","tidal_id":"5c28709d-76b8-55e3-8de4-a21c37df7f8b","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"9c2a2042-8950-4f81-b8e8-49561540e9b3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"4fe6de12-eaea-4632-8ddb-63899a20cc2c","name":"PitSock","type":"malware","source":"Trellix TIG","software_attack_id":"S3435","tidal_id":"d8da1cab-2cb1-55c4-a98f-6d5abcf7f783","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"0486790c-bb74-4538-b4a1-d7c33a355ee7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"c0e56f14-9768-5547-abcb-aa3f220d0e40","name":"PITSTOP","type":"malware","source":"MITRE","software_attack_id":"S1123","tidal_id":"10fc13ca-14b9-5150-a372-9fee49084e69","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"0b0ae21a-987c-44c5-93db-3b228544eb99","name":"Pktmon","type":"tool","source":"Tidal Cyber","software_attack_id":"S3258","tidal_id":"ac644a53-c90a-57c3-b84e-7f1ad2641ccb","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e1d6b68d-7d2e-409b-909a-31807a46bc5d","name":"Pktmon.exe","description":"[[Pktmon.exe - LOLBAS 
Project](/references/8f0ad4ed-869b-4332-b091-7551262cff29)]","source":"Tidal Cyber","associated_software_id":"c29799e7-8d70-4312-890d-39eff939af8c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"91ac2db4-a023-449a-9d3a-beedd5670892","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b59aa7ef-f143-403c-bbe9-68200765aa76","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9445f18a-a796-447a-a35f-94a9fb72411c","name":"PLAINTEE","type":"malware","source":"MITRE","software_attack_id":"S0254","tidal_id":"d17a3cc9-1143-51b3-9da6-8895bcc45222","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Rancor Unit42 June 2018](https://app.tidalcyber.com/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2d3d6034-21f7-5211-ab8a-338dada7082f","name":"Playcrypt","type":"malware","source":"MITRE","software_attack_id":"S1162","tidal_id":"2d3d6034-21f7-5211-ab8a-338dada7082f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9512334f-b1ed-5a45-824f-cbef6d1647ff","name":"Play","description":"[[CISA Play Ransomware Advisory December 2023](https://app.tidalcyber.com/references/b47f5430-25d4-5502-9219-674daed4e2c5)][[Trend Micro Ransomware Spotlight Play July 
2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]","source":"MITRE","associated_software_id":"169ac4af-3d1d-488b-ac03-64c5c2c5742c","owner_id":null,"owner_name":null}],"groups":[{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Play Ransomware Advisory December 2023](https://app.tidalcyber.com/references/b47f5430-25d4-5502-9219-674daed4e2c5)][[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"460f9da8-7cef-404d-ae94-26d1882e6515","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"fa553e2f-e78f-49eb-aa07-c137eedd24c9","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ac5a0040-1228-4690-bb1c-c9c016efb05e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"1076f5b4-5990-4f71-b9f0-d6c67907a0e6","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"b01e8060-fc34-4758-992b-202b6f7c50cb","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"0fa9e34a-b9aa-4662-80da-b61ee0bc786f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"adc4a5e0-7f48-48ee-9a9d-79ecd3db35aa","name":"Playcrypt (ESXi variant)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3493","tidal_id":"cc328dfe-3e24-514f-9732-8ad8abb5332a","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e2b09972-e472-4f3a-bd2c-e07f56a353ff","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"143c80e7-b1e3-483a-b3d1-b473b2593491","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"47b9975b-025d-429e-b3ef-d7abf0e92abc","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b33de16e-d929-44fa-9178-6f46f3fc6508","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"30e609f0-22ef-4a7c-9af0-79853db6d7cb","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"1c9e2058-4e90-400e-b007-96c446668d0b","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"bdca2310-bd2f-46dc-b7ae-ff217e468e4a","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"5519135a-2940-4436-931c-d7f5c5c75904","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bc6c73ef-6ee0-4c98-9663-25c7457f6442","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9a890a85-afbe-4c35-a3e7-1adad481bdf7","name":"PLEAD","type":"malware","source":"MITRE","software_attack_id":"S0435","tidal_id":"5d6fd090-6f9d-57c6-a0f7-e6268779a698","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro BlackTech June 2017](https://app.tidalcyber.com/references/abb9cb19-d30e-4048-b106-eb29a6dad7fc)][[JPCert PLEAD Downloader June 2018](https://app.tidalcyber.com/references/871f4af2-ed99-4256-a74d-b8c0816a82ab)][[Trend Micro Waterbear December 2019](https://app.tidalcyber.com/references/bf320133-3823-4232-b7d2-d07da9bbccc2)][[Symantec Palmerworm Sep 
2020](https://app.tidalcyber.com/references/84ecd475-8d3f-4e7c-afa8-2dff6078bed5)]","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6117e2b5-140b-49d2-89b7-76d91e6c798c","name":"Plink","type":"tool","source":"Tidal Cyber","software_attack_id":"S3043","tidal_id":"02ccc10d-ae4f-55d8-970f-c1180f17a042","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e5b7959d-1bdf-4ee4-ae5b-1b8261017301","name":"PuTTY Link","description":"","source":"Tidal Cyber","associated_software_id":"d7602f4b-ebea-466b-9e7f-17fe5e7238d6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog May 12 2025](/references/8fb1a0ff-2977-4f50-aba9-e5f5c2b63647)]","group_attack_id":"G1041","group_id":"a511f4e7-9a04-5f37-a599-0d0eee85cfec","name":"Sea Turtle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"390b4185-f493-40cc-b04e-51f6ea748993","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"244eb01f-52c0-4cfa-9e78-2972ccea0834","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"6ddc66b3-cff2-4bfa-ba85-85bbb4864402","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"efdd5a4b-8ead-4593-8712-d1e79a565d20","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ab2eabc6-0a71-4ec1-8c9c-77837934fe42","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c639df89-cdc0-4a04-9090-938ca31a1832","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"0a5d7631-520f-4462-a75a-b769428043e9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"54dbd483-4eb9-44e6-aa7c-11b9d67e3932","tag":"a1427c89-2ebd-440f-b7e0-9728e3ef2096"},{"id":"6ee0145b-304b-4f51-8c9c-1263ffbf1b60","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"bdd8e86f-3fcc-4b67-bf25-fb37fa4f67c9","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"3c31bc19-a997-4b3c-8053-908bee6f4d5d","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"5
b07a42e-7bd0-4058-821c-bd2c772e2da5","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"a8ee50ac-0689-4c68-9bfd-43767dc915fc","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"3b32d0d6-47a8-4473-9613-30098154f305","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"6db59bf0-3fbe-4ae3-b88b-89ccee619ab7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d7eed0f2-4824-4e9d-985a-d0f2399da851","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"6e5cb7c1-8cbc-4e38-8ce1-593433362a02","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"070b56f4-7810-4dad-b85f-bdfce9c08c10","name":"PlugX","type":"malware","source":"MITRE","software_attack_id":"S0013","tidal_id":"752d471d-217c-5c38-a58d-6b439707320b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"72732cf8-e171-4c4c-8125-d1ecbc35c7d5","name":"TVT","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"cca25e4e-d315-49e2-bfc1-be1ee4fac071","owner_id":null,"owner_name":null},{"id":"1ca41d56-b493-485e-8be7-8df56bbd6a64","name":"Sogu","description":"[[Lastline PlugX Analysis](https://app.tidalcyber.com/references/9f7fa262-cede-4f47-94ca-1534c65c86e2)][[FireEye Clandestine Fox Part 2](https://app.tidalcyber.com/references/82500741-984d-4039-8f53-b303845c2849)][[CIRCL PlugX March 
2013](https://app.tidalcyber.com/references/8ab89236-6994-43a3-906c-383e294f65d1)]","source":"MITRE","associated_software_id":"c3f88c02-a063-443a-a555-c582639f648c","owner_id":null,"owner_name":null},{"id":"54d00c23-dac1-4ec8-afd3-336ee81a5f6e","name":"Thoper","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"6795a6c5-8701-4fbd-b8f4-ff0b5bd04cc2","owner_id":null,"owner_name":null},{"id":"7af22b0e-4908-433d-867b-f7e656730c83","name":"DestroyRAT","description":"[[CIRCL PlugX March 2013](https://app.tidalcyber.com/references/8ab89236-6994-43a3-906c-383e294f65d1)]","source":"MITRE","associated_software_id":"c0090129-1ec8-46c2-94da-7094a1d1e8ca","owner_id":null,"owner_name":null},{"id":"0a70c7f8-48c1-40b3-bbd5-6309f5fbc39f","name":"Kaba","description":"[[FireEye Clandestine Fox Part 2](https://app.tidalcyber.com/references/82500741-984d-4039-8f53-b303845c2849)]","source":"MITRE","associated_software_id":"6fb9ef48-3016-4f37-8254-1ae52022b6da","owner_id":null,"owner_name":null},{"id":"845347f6-c3a2-4518-a7a4-629a1424f622","name":"Korplug","description":"[[Lastline PlugX Analysis](https://app.tidalcyber.com/references/9f7fa262-cede-4f47-94ca-1534c65c86e2)][[CIRCL PlugX March 2013](https://app.tidalcyber.com/references/8ab89236-6994-43a3-906c-383e294f65d1)]","source":"MITRE","associated_software_id":"7ae0cf0a-daad-490c-90da-fe0e1f09a31c","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) used a variant of [PlugX](https://app.tidalcyber.com/software/070b56f4-7810-4dad-b85f-bdfce9c08c10) to connect to Windows and 
Linux systems via SSH and Samba/CIFS.[[apt41_mandiant](https://app.tidalcyber.com/references/599f4411-6829-5a2d-865c-ac59e80afe83)][[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Crowdstrike MUSTANG PANDA June 2018](https://app.tidalcyber.com/references/35e72170-b1ec-49c9-aefe-a24fc4302fa6)][[Anomali MUSTANG PANDA October 2019](https://app.tidalcyber.com/references/70277fa4-60a8-475e-993a-c74241b76127)][[Secureworks BRONZE PRESIDENT December 2019](https://app.tidalcyber.com/references/019889e0-a2ce-476f-9a31-2fc394de2821)][[Avira Mustang Panda January 2020](https://app.tidalcyber.com/references/bc7755a0-5ee3-477b-b8d7-67174a59d0e2)][[Recorded Future REDDELTA July 2020](https://app.tidalcyber.com/references/e2bc037e-d483-4670-8281-70e51b16effe)][[Proofpoint TA416 Europe March 2022](https://app.tidalcyber.com/references/5731d7e4-dd19-4d08-b493-7b1a467599d3)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Malwarebytes Higaisa 2020](https://app.tidalcyber.com/references/6054e0ab-cf61-49ba-b7f5-58b304477451)]","group_attack_id":"G0126","group_id":"f1477581-d485-403f-a95f-c56bf88c5d1e","name":"Higaisa","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Dell SecureWorks BRONZE STARLIGHT Profile](https://app.tidalcyber.com/references/d2e8cd95-fcd5-58e4-859a-c4724ec94ab4)]","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cisco Group 
72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)][[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky LuminousMoth July 2021](https://app.tidalcyber.com/references/e21c6931-fba8-52b0-b6f0-1c8222881fbd)][[Bitdefender LuminousMoth July 2021](https://app.tidalcyber.com/references/6b1ce8bb-4e77-59f3-87ff-78f4a1a10ad3)]","group_attack_id":"G1014","group_id":"b10aa4c0-10a1-5e08-8d9d-82ce95d45e6a","name":"LuminousMoth","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT Groups List](/references/c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97)]","group_attack_id":"G3020","group_id":"4173c301-0307-458d-89dd-2583e94247ec","name":"APT20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) has used [PlugX](https://app.tidalcyber.com/software/070b56f4-7810-4dad-b85f-bdfce9c08c10) loaders as part of intrusions.[[Symantec Daggerfly 2023](https://app.tidalcyber.com/references/cb0a51f5-fe5b-5dd0-8f55-4e7536cb61a4)]","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)][[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)][[Nccgroup Emissary Panda May 2018](https://app.tidalcyber.com/references/e279c308-fabc-47d3-bdeb-296266c80988)][[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)][[Profero APT27 December 
2020](https://app.tidalcyber.com/references/0290ea31-f817-471e-85ae-c3855c63f5c3)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye Clandestine Fox Part 2](https://app.tidalcyber.com/references/82500741-984d-4039-8f53-b303845c2849)]","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cisco Talos Blog September 10 2024](/references/c8ea888b-c87c-49eb-a1be-3a269292c414)]","group_attack_id":"G3075","group_id":"2ee8f401-679c-455e-bc19-511bacdbffff","name":"DragonRank","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Proofpoint TA459 April 2017](https://app.tidalcyber.com/references/dabad6df-1e31-4c16-9217-e079f2493b02)]","group_attack_id":"G0062","group_id":"e343c1f1-458c-467b-bc4a-c1b97b2127e3","name":"TA459","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Envoy Panda Profile](/references/44879a86-9eda-4934-bfc4-cbc643ab113a)]","group_attack_id":"G3086","group_id":"ff71ddce-9e70-4aeb-b7df-9d1637be72bc","name":"ENVOY PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky Winnti April 2013](https://app.tidalcyber.com/references/2d4834b9-61c4-478e-919a-317d97cd2c36)]","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Velvet Ant](https://app.tidalcyber.com/groups/f1c80880-e3ed-5223-90f5-840a3b89fe39) heavily relies on variants of [PlugX](https://app.tidalcyber.com/software/070b56f4-7810-4dad-b85f-bdfce9c08c10) for various phases of operations.[[Sygnia VelvetAnt 
2024A](https://app.tidalcyber.com/references/daa0360d-8a50-5256-8c95-cf68a3e7bb90)]","group_attack_id":"G1047","group_id":"f1c80880-e3ed-5223-90f5-840a3b89fe39","name":"Velvet Ant","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[New DragonOK](https://app.tidalcyber.com/references/82c1ed0d-a41d-4212-a3ae-a1d661bede2d)]","group_attack_id":"G0017","group_id":"f2c2db08-624c-46b9-b7ed-b22c21b81813","name":"DragonOK","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)][[FireEye APT10 April 2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)][[DOJ APT10 Dec 2018](https://app.tidalcyber.com/references/3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d8deb982-1a55-4950-bb89-3df99e1fe789","tag":"76195cff-8fc9-41a0-9914-86c2e258b284"},{"id":"74dfb711-389f-42b7-8b22-ef854d23eda9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"95c273d2-3081-4cb5-8d41-37eb4e90264d","name":"pngdowner","type":"malware","source":"MITRE","software_attack_id":"S0067","tidal_id":"a53f58ba-ac20-5ec2-883c-7bf5725155d1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CrowdStrike Putter Panda](https://app.tidalcyber.com/references/413962d0-bd66-4000-a077-38c2677995d1)]","group_attack_id":"G0024","group_id":"6005f4a9-fe26-4237-a44e-3f6cbb1fe75c","name":"Putter Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"dd1e8b57-4900-4823-b194-1526c1e00099","name":"Pnputil","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3259","tidal_id":"d844b416-76cb-599b-a006-b4df444ca7d3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ff437c05-711f-4f45-9746-8a8106d794fa","name":"Pnputil.exe","description":"[[Pnputil.exe - LOLBAS Project](/references/21d0419a-5454-4808-b7e6-2b1b9de08ed6)]","source":"Tidal Cyber","associated_software_id":"6f09dbde-ae7a-4781-b317-286da2c88003","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"f0b466f3-53e6-4cac-814a-0777aade06cd","tag":"6d924d43-5de3-45de-8466-a8c47a5b9e68"},{"id":"aedc9163-128f-45f1-8091-ec5e793c3aa4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f5531b1d-9f01-4e3a-aea3-5d9dec64fd75","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"79b4f277-3b18-4aa7-9f96-44b35b23166b","name":"PoetRAT","type":"malware","source":"MITRE","software_attack_id":"S0428","tidal_id":"7c46538e-2f6f-527e-abc7-46aafa3d837d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"1d87a695-7989-49ae-ac1a-b6601db565c3","name":"PoisonIvy","type":"malware","source":"MITRE","software_attack_id":"S0012","tidal_id":"e18bdce6-5951-561c-b469-79f93ef8e234","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"543d46b9-9205-4fb6-b4ab-890f15894f94","name":"Breut","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"76cb912d-02e3-4f99-8cde-6f9b3f75f752","owner_id":null,"owner_name":null},{"id":"f8e1f3a1-648c-4439-956c-1e2503451292","name":"Poison Ivy","description":"[[FireEye Poison Ivy](https://app.tidalcyber.com/references/c189447e-a903-4dc2-a38b-1f4accc64e20)] [[Symantec Darkmoon Sept 
2014](https://app.tidalcyber.com/references/3362a507-03c3-4236-b484-8144248b5cac)]","source":"MITRE","associated_software_id":"5f9d7b30-b187-4437-8214-e6e966958553","owner_id":null,"owner_name":null},{"id":"1c9529d5-8187-42ab-901e-e6810946fb36","name":"Darkmoon","description":"[[Symantec Darkmoon Sept 2014](https://app.tidalcyber.com/references/3362a507-03c3-4236-b484-8144248b5cac)]","source":"MITRE","associated_software_id":"69b67620-b26e-42d3-bb65-b9a3fc734d19","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)][[District Court of NY APT10 Indictment December 2018](https://app.tidalcyber.com/references/79ccbc74-b9c4-4dc8-91ae-1d15c4db563b)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)][[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant Advanced Persistent Threats](https://app.tidalcyber.com/references/2d16615b-09fc-5925-8f59-6d20f334d236)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT Groups 
List](/references/c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97)]","group_attack_id":"G3020","group_id":"4173c301-0307-458d-89dd-2583e94247ec","name":"APT20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[DustySky](https://app.tidalcyber.com/references/b9e0770d-f54a-4ada-abd1-65c45eee00fa)][[DustySky2](https://app.tidalcyber.com/references/4a3ecdec-254c-4eb4-9126-f540bb21dffe)][[FireEye Operation Molerats](https://app.tidalcyber.com/references/6b24e4aa-e773-4ca3-8267-19e036dc1144)]","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Securelist APT Trends Q2 2017](https://app.tidalcyber.com/references/fe28042c-d289-463f-9ece-1a75a70b966e)]","group_attack_id":"G0136","group_id":"988f5312-834e-48ea-93b7-e6e01ee0938d","name":"IndigoZebra","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit 42 Tropic Trooper Nov 2016](https://app.tidalcyber.com/references/cad84e3d-9506-44f8-bdd9-d090e6ce9b06)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)][[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Haq 
2014](https://app.tidalcyber.com/references/4e10228d-d9da-4ba4-bca7-d3bbdce42e0d)]","group_attack_id":"G0002","group_id":"4510ce41-27b9-479c-9bf3-a328b77bae29","name":"Moafee","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Crowdstrike MUSTANG PANDA June 2018](https://app.tidalcyber.com/references/35e72170-b1ec-49c9-aefe-a24fc4302fa6)][[Recorded Future REDDELTA July 2020](https://app.tidalcyber.com/references/e2bc037e-d483-4670-8281-70e51b16effe)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Operation Quantum Entanglement](https://app.tidalcyber.com/references/c94f9652-32c3-4975-a9c0-48f93bdfe790)]","group_attack_id":"G0017","group_id":"f2c2db08-624c-46b9-b7ed-b22c21b81813","name":"DragonOK","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Villeneuve 2014](https://app.tidalcyber.com/references/a156e24e-0da5-4ac7-b914-29f2f05e7d6f)]","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3aac567a-d205-4831-9ac6-c973b8f8e54f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"3b7179fa-7b8b-4068-b224-d8d9c642964d","name":"PolyglotDuke","type":"malware","source":"MITRE","software_attack_id":"S0518","tidal_id":"b4a759b4-a0ec-5c2c-b01d-3e8815983001","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)][[Secureworks IRON HEMLOCK 
Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"db46a5df-dfe9-4eed-a8ad-a5aba90fe15c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"555b612e-3f0d-421d-b2a7-63eb2d1ece5f","name":"Pony","type":"malware","source":"MITRE","software_attack_id":"S0453","tidal_id":"995c5619-ca66-5c87-89c2-2e60a3650947","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"468bfb3a-56f7-4587-8083-cdf7149fd13f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"1353d695-5bae-4593-988f-9bd07a6fd1bb","name":"POORAIM","type":"malware","source":"MITRE","software_attack_id":"S0216","tidal_id":"feee033d-7a2b-5271-ba00-d2f0392c0363","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"439059e2-f756-4c38-8d87-1d3c534f2e16","name":"POORTRY","type":"malware","source":"Tidal Cyber","software_attack_id":"S3151","tidal_id":"e8da4cd0-aa1d-55cc-9128-0f94892e6c2e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e00f1b00-9c9a-4306-82f9-07d7edf9e95b","name":"BurntCigar","description":"[[Sophos News August 27 2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]","source":"Tidal Cyber","associated_software_id":"f71dddac-ad96-4fcd-ac98-94d62678c5eb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Sophos News August 27 
2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sophos News August 27 2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sophos News August 27 2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sophos News August 27 2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sophos News August 27 2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"f2515325-dc8d-4a34-8f60-6ee1acf1b299","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"13c4b853-513c-4628-ad03-40dc5fe7044f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7d2e0159-0e36-4da8-948f-524427c7685a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a3a03835-79bf-4558-8e80-7983aeb842fb","name":"PoshC2","type":"tool","source":"MITRE","software_attack_id":"S0378","tidal_id":"7f3dd898-8d57-5bd9-94fc-27931ea3cde1","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[SecureWorks August 2019](https://app.tidalcyber.com/references/573edbb6-687b-4bc2-bc4a-764a548633b5)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) has used multiple publicly available tools during operations, such as PoshC2.[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT33 Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)][[Symantec Elfin Mar 
2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"42218045-89f6-432b-8675-657e156a29b2","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"ba57603e-95fd-45ed-b525-6d1bb1f56199","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"b92f28c4-cbc8-4721-ac79-2d8bdf5247e5","name":"POSHSPY","type":"malware","source":"MITRE","software_attack_id":"S0150","tidal_id":"c83501d2-565d-5759-a9ac-b670a5cf1d06","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye POSHSPY April 2017](https://app.tidalcyber.com/references/b1271e05-80d7-4761-a13f-b6f0db7d7e5a)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bc0c6b09-0714-4f5f-a9a2-39f1ba29b225","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d9e4f4a1-dd41-424e-986a-b9a39ebea805","name":"PowerDuke","type":"malware","source":"MITRE","software_attack_id":"S0139","tidal_id":"3abb3e6d-fad5-50d3-9775-504887df5a8c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Volexity PowerDuke November 
2016](https://app.tidalcyber.com/references/4026c055-6020-41bb-a4c8-54b308867023)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8451b1b0-d2dc-429d-8fc3-b8b6259c56c6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"7bea0cbb-83af-56e5-a88e-e450b8364d63","name":"PowerExchange","type":"malware","source":"MITRE","software_attack_id":"S1173","tidal_id":"7bea0cbb-83af-56e5-a88e-e450b8364d63","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Crambus OCT 2023](https://app.tidalcyber.com/references/ecfdd6e1-caa0-5611-a1f5-d96873cf2222)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"79e528c9-eae4-469d-a7a3-7450e2cab842","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8b9159c1-db48-472b-9897-34325da5dca7","name":"PowerLess","type":"malware","source":"MITRE","software_attack_id":"S1012","tidal_id":"45ba2b7b-49d6-5f24-9882-f0f8c9d1e351","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason PowerLess February 2022](https://app.tidalcyber.com/references/095aaa25-b674-4313-bc4f-3227b00c0459)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"710a6b45-2869-49d8-8e4e-2bbdb61bd69c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"018ee1d9-35af-49dc-a667-11b77cd76f46","name":"Power 
Loader","type":"malware","source":"MITRE","software_attack_id":"S0177","tidal_id":"ca43d392-8b27-55d6-b289-016f004ab554","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"155053be-8a2c-4d5e-8206-36d992c5651d","name":"Powerpnt","type":"tool","source":"Tidal Cyber","software_attack_id":"S3352","tidal_id":"6225a48d-324d-54a7-9222-c54e42c27c98","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b38a5e4f-22db-4fd4-b115-ef384754f5ee","name":"Powerpnt.exe","description":"[[Powerpnt.exe - LOLBAS Project](/references/23c48ab3-9426-4949-9a35-d1b9ecb4bb47)]","source":"Tidal Cyber","associated_software_id":"6f48252d-3e86-415b-ab77-8c833d608b47","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6b6025f4-0b70-45df-b783-e2fc39057ad4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"15e2ad6d-1e6d-4b5e-ab83-796eccffe721","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e7cdaf70-5e28-442a-b34d-894484788dc5","name":"PowerPunch","type":"malware","source":"MITRE","software_attack_id":"S0685","tidal_id":"3e53aa5c-1a38-5a4d-aef5-43885a6fb96f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Actinium February 2022](https://app.tidalcyber.com/references/5ab658db-7f71-4213-8146-e22da54160b3)]","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"de1f9350-f1d3-478d-b598-f765bf65335a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"acbc359f-5b4a-4ae1-ba35-67f1d89b2ac3","name":"PowerShell","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3422","tidal_id":"a8450849-21d5-5fbe-8fb0-8fd463d0a5c6","platforms":[],"associated_software":[{"id":"15b20ae7-3425-4412-bf8b-dd41ec7f8c96","name":"powershell.exe","description":"","source":"Trellix TIG","associated_software_id":"614ce025-6b8e-456c-844a-0caa0159b5eb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c9caa745-9133-41f8-920d-c8cbe8abf49d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2ca245de-77a9-4857-ba93-fd0d6988df9d","name":"PowerShower","type":"malware","source":"MITRE","software_attack_id":"S0441","tidal_id":"36dca2a3-aee0-5415-99aa-26bf0470d428","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 Inception November 
2018](https://app.tidalcyber.com/references/5cb98fce-f386-4878-b69c-5c6440ad689c)]","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a4700431-6578-489f-9782-52e394277296","name":"POWERSOURCE","type":"malware","source":"MITRE","software_attack_id":"S0145","tidal_id":"6a1fee05-22b1-5862-a655-535ff0fc6f43","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b92c79ab-39b6-46cd-9bd2-644df9632eed","name":"DNSMessenger","description":"Based on similar descriptions of functionality, it appears S0145, as named by FireEye, is the same as the first stages of a backdoor named DNSMessenger by Cisco's Talos Intelligence Group. However, FireEye appears to break DNSMessenger into two parts: S0145 and S0146. [[Cisco DNSMessenger March 2017](https://app.tidalcyber.com/references/49f22ba2-5aca-4204-858e-c2499a7050ae)] [[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]","source":"MITRE","associated_software_id":"6812793e-6342-4da6-b77f-ed29fab1fd9a","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6c792c3b-02ff-436b-b3f8-d87edb57413d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"82fad10d-c921-4a87-a533-49def83d002b","name":"PowerSploit","type":"tool","source":"MITRE","software_attack_id":"S0194","tidal_id":"6834b187-b362-5155-a4e9-4dfb5cfa7115","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[X-Force BlackCat May 30 
2023](/references/b80c1f70-9d05-4f4b-bdc2-6157c6837202)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)][[Mandiant FIN7 Apr 2022](https://app.tidalcyber.com/references/be9919c0-ca52-593b-aea0-c5e9a262b570)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cymmetria Patchwork](https://app.tidalcyber.com/references/d4e43b2c-a858-4285-984f-f59db5c657bd)]","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PWC Cloud Hopper Technical Annex April 
2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro POWERSTATS V3 June 2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT33 Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"28d10648-c01c-445c-9979-9c2c795193d7","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"bb7eb391-44aa-4e2d-8cc9-d5c8b419d529","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"f003c073-fc10-4a44-9ac7-9e0c532b23c8","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"837bcf97-37a7-4001-a466-306574fd7890","name":"PowerStallion","type":"malware","source":"MITRE","software_attack_id":"S0393","tidal_id":"a431bb65-d657-55c4-9dad-8e473cd5bc54","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Turla PowerShell May 
2019](https://app.tidalcyber.com/references/68c0f34b-691a-4847-8d49-f18b7f4e5188)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"684f1ba8-81ed-4178-856f-e9bfde418b1f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"39fc59c6-f1aa-4c93-8e43-1f41563e9d9e","name":"POWERSTATS","type":"malware","source":"MITRE","software_attack_id":"S0223","tidal_id":"d1c853da-efe2-5d19-8252-ca6204c14c32","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a5fc5f97-9985-405d-81bb-fcc79f20f2f9","name":"Powermud","description":"[[Symantec MuddyWater Dec 2018](https://app.tidalcyber.com/references/a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d)]","source":"MITRE","associated_software_id":"4aaf5b58-a6ca-4ec9-84fc-697469698130","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Unit 42 MuddyWater Nov 2017](https://app.tidalcyber.com/references/dcdee265-2e46-4f40-95c7-6a2683edb23a)][[FireEye MuddyWater Mar 2018](https://app.tidalcyber.com/references/82cddfa6-9463-49bb-8bdc-0c7d6b0e1472)][[ClearSky MuddyWater Nov 2018](https://app.tidalcyber.com/references/a5f60f45-5df5-407d-9f68-bc5f7c42ee85)][[Symantec MuddyWater Dec 2018](https://app.tidalcyber.com/references/a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d)][[ClearSky MuddyWater June 
2019](https://app.tidalcyber.com/references/9789d60b-a417-42dc-b690-24ccb77b8658)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"39f4e4d5-c37b-47c5-b440-864f54450480","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"b3c28750-3825-4e4d-ab92-f39a6b0827dd","name":"POWERTON","type":"malware","source":"MITRE","software_attack_id":"S0371","tidal_id":"77d4f92e-9a11-5758-abd8-f17246c8caad","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT33 Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)][[Microsoft Holmium June 2020](https://app.tidalcyber.com/references/c249bfcf-25c4-4502-b5a4-17783d581163)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5519345d-7fbe-419e-9316-28e00d5e4bc7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"b8a101e4-e0d2-4002-94c6-18ea30da7aa7","name":"PowerTool","type":"tool","source":"Tidal Cyber","software_attack_id":"S3041","tidal_id":"5d0cbd72-a676-5ec3-9f1f-550b1162d366","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware 
Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d32d7dfc-a281-4a32-b5f8-cc0555775481","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"f91b0b40-a335-4a1b-bff6-849f30afac91","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"10632707-804b-422d-a342-b30231d5e0ad","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"7d0280f2-d88a-4ad3-97e6-a315834bd075","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"489198cd-e289-4bc1-9147-8c786d2210a5","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"50983051-6cfb-4c92-b999-1910da35c3a6","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"851d5c54-f3db-4185-9df3-f421826bf282","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"369674d4-c0ba-41f1-8f0f-04d6488f954a","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"04a56d3b-d0a5-441d-a40c-305579125713","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"3b960761-ee4d-48ea-adbd-f2b77c274418","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"2af1343c-1493-41b5-be14-16675695d654","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"10456dbc-e285-447b-990c-c46779764af8","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"601b28b1-e64e-4fd7-aed6-c2134a72adf2","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"fbeb76dc-1bcc-4225-b890-f5b9ac8f0d39","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"9429ae35-9084-42b1-b60a-40a39fcc49f2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3192d79f-2a24-4461-b4c8-4b40ef7c163f","name":"POWERTRASH","type":"malware","source":"Tidal Cyber","software_attack_id":"S3016","tidal_id":"c4ee3085-9701-5cbe-9fe6-8393d24e408d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Threat Intelligence Tweet May 18 
2023](/references/b41e9f89-cd88-4483-bb86-9d88c555a648)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"04975824-50ec-48bb-8e03-1aa2a94ffb62","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cf16d1b9-6cd3-4a64-9e17-41733b37fefd","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"617e07dc-6d9b-467b-b3b8-e3148fcc1096","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7ed984bb-d098-4d0a-90fd-b03e68842479","name":"PowGoop","type":"malware","source":"MITRE","software_attack_id":"S1046","tidal_id":"e93baf6c-c6cb-5a8c-a1a4-c2fb34b9e113","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[DHS CISA AA22-055A MuddyWater February 2022](https://app.tidalcyber.com/references/e76570e1-43ab-4819-80bc-895ede67a205)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"a2dd8b37-7f99-4235-86d0-3ab2a62b5fcb","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"67cdb7a6-5142-43fa-8b8d-d9bdd2a4dae4","name":"POWRUNER","type":"malware","source":"MITRE","software_attack_id":"S0184","tidal_id":"17885e4f-12d4-5213-b19f-b4398591677e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT34 Dec 
2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"743ac359-bcca-4019-97fa-e35c06ac3fcc","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8127f51d-dce0-405a-a785-83883ba19c23","name":"Presentationhost","type":"tool","source":"Tidal Cyber","software_attack_id":"S3260","tidal_id":"3be4f109-ccba-5103-8090-386cbd67ffb5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ed47f984-aa6e-408f-8779-772efa509344","name":"Presentationhost.exe","description":"[[Presentationhost.exe - LOLBAS Project](/references/37539e72-18f5-435a-a949-f9fa5991149a)]","source":"Tidal Cyber","associated_software_id":"80b9a847-0d74-4c15-b86b-d34e43cfef21","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a0d0ef9e-c5f7-4905-8c07-979a8ed8253e","tag":"0661bf1f-76ec-490c-937a-efa3f02bc59b"},{"id":"2e99e9da-a547-464a-9695-c709390531b4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"3cb516ca-75ca-4cb0-ba19-ba8500ac8c79","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"4fb5b109-5a5c-5441-a0f9-f639ead5405e","name":"Prestige","type":"malware","source":"MITRE","software_attack_id":"S1058","tidal_id":"bd5aafa1-3049-5691-a81f-4c0921cfa108","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Prestige ransomware October 2022](https://app.tidalcyber.com/references/b57e1181-461b-5ada-a739-873ede1ec079)][[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f85c9e11-d735-452d-af49-483def23286c","tag":"92ce4726-c01f-4e51-a36d-f72fcfa77d79"},{"id":"c8294dd5-067d-4182-9431-488c7005d88f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9614ed28-f283-48f7-8d54-896e1ddb7f2f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"1da989a8-41cc-4e89-a435-a88acb72ae0d","name":"Prikormka","type":"malware","source":"MITRE","software_attack_id":"S0113","tidal_id":"3cf07b18-753c-5801-ad39-d3ac4feea2f5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f2e4a702-5189-47f9-95ef-94a18e802026","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8ad4945d-6c54-4472-a476-906a9860fb82","name":"Print","type":"tool","source":"Tidal Cyber","software_attack_id":"S3261","tidal_id":"5ffdf4af-8cc2-5381-baed-c8b2307d5bba","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5bc16a17-f5d8-41a8-95eb-855b19db8634","name":"Print.exe","description":"[[Print.exe - LOLBAS Project](/references/696ce89a-b3a1-4993-b30d-33a669a57031)]","source":"Tidal Cyber","associated_software_id":"5d8bd4c1-3ab5-4521-8ee8-5da3aad90b7d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8f968267-8e86-49b2-9ea3-1a192b8a4329","tag":"01aca077-8cfb-4d1d-9b83-3678cd26f050"},{"id":"a9e47517-496c-4cf0-a815-6ccc230ea848","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f5bcaaae-2650-42d3-8dc7-04b2f10f13d8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"93ec2323-f93b-4d21-9930-f367948187f0","name":"PrintBrm","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3262","tidal_id":"f72d4783-ef92-5187-8c2c-b88f8e0a5232","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"367a91cf-e761-4fc5-a0a9-177e8cf0f92f","name":"PrintBrm.exe","description":"[[PrintBrm.exe - LOLBAS Project](/references/a7ab6f09-c22f-4627-afb1-c13a963efca5)]","source":"Tidal Cyber","associated_software_id":"91a3db3c-53a5-4ee8-9586-af5d8f95ce4c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"66eddf67-985f-4eb4-8495-420327ca7f66","tag":"37a70ca8-a027-458c-9a48-7e0d307462be"},{"id":"f784e591-40fb-41b0-8b8d-47683fca2c1f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1b8d9fa5-74d7-4dfd-8dfa-91821ae498c8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"4f724555-7bd5-47ca-85de-70b5d6dc5281","name":"printf","type":"tool","source":"Trellix TIG","software_attack_id":"S3389","tidal_id":"8c30baec-270b-5402-aa87-0680af0b9162","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"0d6e00a3-6237-458a-85e5-1128bd7f4f50","name":"ProcDump","type":"tool","source":"Tidal Cyber","software_attack_id":"S3038","tidal_id":"b511d5b0-9a9b-53ba-9ca8-da9f0249aa3b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"68b33e23-ad45-467e-991f-0a2e949ef390","name":"Microsoft Sysinternals ProcDump","description":"","source":"Tidal Cyber","associated_software_id":"f2c150e6-f4dc-4766-8579-16e739a6ca9b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[ESET FamousSparrow September 23 
2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)][[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)][[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c981c263-b8d7-4019-b79b-99130ef35558","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"653409a6-ee3f-4812-9f99-be430a107dcb","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"66154a51-45f6-4366-8374-17d8ca46df40","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"a08d0bc8-5f62-410b-9548-837efc062d02","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"97f9b405-5eb1-4292-8434-ec53d42b88c9","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"a8a358c2-8b85-4c8c-a623-1ecba4ab9e82","tag":"c3eaf8a7-06e5-4e3a-9615-36316d9e10a8"},{"id":"847dfdc8-d764-41ee-8fba-18b14dbd2820","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"270d04d4-4b73-44cf-a2e1-293daae8cfc3","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"7a9ac0a8-6d3e-4423-90e7-c41546f3a409","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"b644322c-6556-4e4b-bbd0-23ef3f26157d","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"461972a0-00fb-462d-bc04-300846ba77e8","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"30011f85-2379-4e46-9559-4e3246e45886","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"b25e6f18-9443-4ce6-b537-71b44a5da1a5","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"3506ef1c-c291-4b20-8b13-1b818a65aacc","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1d2332ba-2b5d-4456-8a9b-e4ddd6ef3873","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d390ea7d-0995-4069-924d-65d6c7c98e3c","name":"Process Hacker","type":"tool","source":"Tidal Cyber","software_attack_id":"S3042","tidal_id":"d3e10e06-18c7-538e-980b-0413c9041270","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & 
Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Trend Micro Play Spotlight July 21 2023](/references/6cf9c6f0-7818-45dd-9afc-f69e394c23e4)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"6f4e7d89-68fb-423f-b750-38d95acd6686","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a7dd5ae9-b156-4be7-8985-a5743982c671","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"1518f989-7d0e-46c4-bf5f-70d158a27396","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d680f50d-42c7-4c8a-917a-77be12f33cdb","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"f0e241d3-f2b6-4f92-afe6-3167d6775715","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"802256ea-128c-4c57-8106-62614c4dde68","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"18c90355-d45f-47fb-94e4-0d9a528f9c1e","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"4bebf22d-28d5-4513-b6b1-51ee3a826041","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"8d0839ba-c15c-412c-973a-81cbb782cd62","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"0b4ad820-f47c-46b3-ae15-0856adc31b3c","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"977cff73-f5f3-470f-9a7f-00c24c3b2e7d","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9bdf2682-9fb2-4d84-98f1-6f7dde26846a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"65b2bbca-d263-4019-b0f6-11254a795efd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c8af096e-c71e-4751-b203-70c285b7a7bd","name":"ProLock","type":"malware","source":"MITRE","software_attack_id":"S0654","tidal_id":"96d266b4-0a4c-5ecb-b21f-e81fec72f5e6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"6165b58a-cc1d-4774-98d5-d9bb64b21066","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ac485c5b-72d9-4456-aa13-bdabf2b3c287","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"2ecf8041-8069-41a0-b6e8-5b328ae69e31","name":"ProtocolHandler","type":"tool","source":"Tidal Cyber","software_attack_id":"S3353","tidal_id":"b535ae10-57ee-5c73-8453-a6fbee879665","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"13e2dec9-19c7-4364-98dc-af08542b3698","name":"ProtocolHandler.exe","description":"[[ProtocolHandler.exe - LOLBAS Project](/references/1f678111-dfa3-4c06-9359-816b9ca12cd0)]","source":"Tidal Cyber","associated_software_id":"e8e39cc1-349c-43ca-b45d-9e8f5ead6be4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a6b0b01b-508f-4d10-a73c-cc5469206187","tag":"77131d00-b8b2-42ef-afbd-1fbfc12729df"},{"id":"045754e9-b562-4c4c-ad40-d3179783cfab","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2650c5e4-07a2-4c0a-8f4f-f28835f560a6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d3bcdbc4-5998-4e50-bd45-cba6a3278427","name":"Proton","type":"malware","source":"MITRE","software_attack_id":"S0279","tidal_id":"61b143cd-3d6c-53b3-89a7-31428537414a","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"83e1ac24-3928-40ba-b701-d72549a9430c","name":"Provlaunch","type":"tool","source":"Tidal Cyber","software_attack_id":"S3263","tidal_id":"65154204-6672-59bc-8ae5-58bdd065a27a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5cae27fd-b63d-4bc8-940c-857f3d5a730d","name":"Provlaunch.exe","description":"[[Provlaunch.exe - LOLBAS Project](/references/56a57369-4707-4dff-ad23-431109f24233)]","source":"Tidal 
Cyber","associated_software_id":"7eaa281e-d584-46da-bf0a-abc1fd34f925","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e9ff6904-9422-408f-8e17-5ba462d0aa29","tag":"9e5ec91c-0d0f-4e40-846d-d7b7eb941e17"},{"id":"a0bf310b-d54a-467f-8779-8f88b19f34d7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ed67188c-f71a-4f3f-af78-03776f2aa554","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b62c13d5-729c-46a8-ae4d-98bc1ab919cb","name":"ProxyChains","type":"tool","source":"Tidal Cyber","software_attack_id":"S3168","tidal_id":"cccca235-e7b0-54a8-9bc3-1df4fbb2a906","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Unit 29155 September 5 2024](/references/9631a46d-3e0a-4f25-962b-0b2501c47926)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[crowdstrike.com December 19 2024](/references/cd7f7145-579d-4277-8ec9-c67e5ae00759)]","group_attack_id":"G3070","group_id":"f9f9358a-f708-4794-af35-784c532427cf","name":"LIMINAL PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"60d2a0e9-a3ad-4faa-89a0-ccad2d451a1a","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"6ede9888-77fd-4fd6-a774-e3e7fc7d9d2b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"aed326bd-bb29-4715-ad76-762ef58ac2f9","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"a0a90e11-1b4b-47e6-8a66-4ae14ce0176b","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"6b813d3f-a46b-429c-ab1a-dda8f09ea0f1","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"f2e15fc7-1e3a-46cc-8875-df2e2e283757","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0da37029-d3e3-40d9-9d03-69f23e09299d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"76610681-8932-4a58-9f95-defb66e22cb6","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"}],"owner_name":"TidalCyberIan"},{"id":"94f43629-243e-49dc-8c2b-cdf4fc15cf83","name":"Proxysvc","type":"malware","source":"MITRE","software_attack_id":"S0238","tidal_id":"cb1627a4-6fa4-53ed-bae3-7a3b4ef06036","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[McAfee GhostSecret](https://app.tidalcyber.com/references/d1cd4f5b-253c-4833-8905-49fb58e7c016)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8cd401ac-a233-4395-a8ae-d75db9d5b845","name":"PS1","type":"malware","source":"MITRE","software_attack_id":"S0613","tidal_id":"b2aea616-221e-5797-94a3-4a0c7982fc5b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"73eb32af-4bd3-4e21-8048-355edc55a9c6","name":"PsExec","type":"tool","source":"MITRE","software_attack_id":"S0029","tidal_id":"bb81ac00-781a-53fb-8216-fe0e5681e890","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason Soft Cell 
June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)][[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec WastedLocker June 2020](https://app.tidalcyber.com/references/061d8f74-a202-4089-acae-687e4f96933b)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks IRON LIBERTY July 2019](https://app.tidalcyber.com/references/c666200d-5392-43f2-9ad0-1268d7b2e86f)][[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)][[Symantec Dragonfly Sept 2017](https://app.tidalcyber.com/references/11bbeafc-ed5d-4d2b-9795-a0a9544fb64e)][[Gigamon Berserk Bear October 2021](https://app.tidalcyber.com/references/06b6cbe3-8e35-4594-b36f-76b503c11520)]","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye FIN6 April 2016](https://app.tidalcyber.com/references/8c0997e1-b285-42dd-9492-75065eac8f8b)][[FireEye FIN6 Apr 2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)][[BitDefender Chafer May 2020](https://app.tidalcyber.com/references/24ea6a5d-2593-4639-8616-72988bf2fa07)][[Symantec Chafer February 2018](https://app.tidalcyber.com/references/3daaa402-5477-4868-b8f1-a2f6e38f04ef)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec Waterbug Jun 2019](https://app.tidalcyber.com/references/ddd5c2c9-7126-4b89-b415-dc651a2ccc0e)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Securelist DarkVishnya Dec 2018](https://app.tidalcyber.com/references/da9ac5a7-c644-45fa-ab96-30ac6bfc9f81)] ","group_attack_id":"G0105","group_id":"d428f9be-6faf-4d57-b677-4a927fea5f7e","name":"DarkVishnya","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[FIN5](https://app.tidalcyber.com/groups/7902f5cc-d6a5-4a57-8d54-4c75e0c58b83) uses a customized version of PsExec.[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye TRITON 2019](https://app.tidalcyber.com/references/49c97b85-ca22-400a-9dc4-6290cc117f04)][[Dragos Xenotime 2018](https://app.tidalcyber.com/references/b20fe65f-df43-4a59-af3f-43afafba15ab)]","group_attack_id":"G0088","group_id":"3a54b8dc-a231-4db8-96da-1c0c1aa396f6","name":"TEMP.Veles","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason INC Ransomware November 2023](https://app.tidalcyber.com/references/ebe119d6-add3-5a1b-8e5f-b6419f246ba9)][[Huntress INC Ransom Group August 2023](https://app.tidalcyber.com/references/d315547d-26e3-5130-a794-658eecf1e0df)][[Secureworks GOLD IONIC April 2024](https://app.tidalcyber.com/references/e723e7b3-496f-5ab4-abaf-83859e7e912d)][[SOCRadar INC Ransom January 
2024](https://app.tidalcyber.com/references/6c78b422-7d46-58a4-a403-421db0531147)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Dell TG-1314](https://app.tidalcyber.com/references/79fc7568-b6ff-460b-9200-56d7909ed157)]","group_attack_id":"G0028","group_id":"0f86e871-0c6c-4227-ae28-3f3696d6ae9d","name":"Threat Group-1314","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Thrip](https://app.tidalcyber.com/groups/a3b39b07-0bfa-4c69-9f01-acf7dc6033b4) used PsExec to move laterally between computers on the victim’s network.[[Symantec Thrip June 2018](https://app.tidalcyber.com/references/482a6946-b663-4789-a31f-83fb2132118d)]","group_attack_id":"G0076","group_id":"a3b39b07-0bfa-4c69-9f01-acf7dc6033b4","name":"Thrip","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Check Point Research Rhysida August 08 2023](/references/0d01416f-4888-4b68-be47-a3245549cec5)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) has used [PsExec](https://app.tidalcyber.com/software/73eb32af-4bd3-4e21-8048-355edc55a9c6) to remotely execute payloads during wormable ransomware execution.[[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[HC3 Analyst Note MedusaLocker Ransomware February 2023](/references/49e314d6-5324-41e0-8bee-2b3e08d5e12f)]","group_attack_id":"G3015","group_id":"55b20209-c04a-47ab-805d-ace83522ef6a","name":"MedusaLocker Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Netscout Stolen Pencil Dec 2018](https://app.tidalcyber.com/references/6d3b31da-a784-4da0-91dd-b72c04fd520a)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]\n","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit 42 Vice Society December 6 2022](/references/6abf7387-0857-4938-b36e-1374a66d4ed8)]","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice 
Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Volexity Exchange Marauder March 2021](https://app.tidalcyber.com/references/ef0626e9-281c-4770-b145-ffe36e18e369)]","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) has used [PsExec](https://app.tidalcyber.com/software/73eb32af-4bd3-4e21-8048-355edc55a9c6) for remote process execution.[[Microsoft Storm-1811 2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Leafminer July 2018](https://app.tidalcyber.com/references/01130af7-a2d4-435e-8790-49933e041451)]","group_attack_id":"G0077","group_id":"b5c28235-d441-40d9-8da2-d49ba2f2568b","name":"Leafminer","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Dragos Crashoverride 2018](https://app.tidalcyber.com/references/d14442d5-2557-4a92-9a29-b15a20752f56)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Arctic Wolf Akira 2023](https://app.tidalcyber.com/references/aa34f2a1-a398-5dc4-b898-cdc02afeca5d)] 
","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Checkpoint MosesStaff Nov 2021](https://app.tidalcyber.com/references/d6da2849-cff0-408a-9f09-81a33fc88a56)]","group_attack_id":"G1009","group_id":"a41725c5-eb3a-4772-8d1e-17c3bbade79c","name":"Moses Staff","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT34 Webinar Dec 2017](https://app.tidalcyber.com/references/4eef7032-de14-44a2-a403-82aefdc85c50)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky Carbanak](https://app.tidalcyber.com/references/2f7e77db-fe39-4004-9945-3c8943708494)]","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Palmerworm Sep 2020](https://app.tidalcyber.com/references/84ecd475-8d3f-4e7c-afa8-2dff6078bed5)]","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)][[ESET Dukes October 
2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCC Group Chimera January 2021](https://app.tidalcyber.com/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cylance Cleaver](https://app.tidalcyber.com/references/f0b45225-3ec3-406f-bd74-87f24003761b)]","group_attack_id":"G0003","group_id":"c8cc6ce8-d421-42e6-a6eb-2ea9d2d9ab07","name":"Cleaver","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [PsExec](https://app.tidalcyber.com/software/73eb32af-4bd3-4e21-8048-355edc55a9c6) through frameworks such as [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) for remote command execution.[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA AA20-259A Iran-Based Actor September 2020](https://app.tidalcyber.com/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)][[Check Point Pay2Key November 2020](https://app.tidalcyber.com/references/e4ea263d-f70e-4f9c-92a1-cb0e565a5ae9)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PTSecurity Cobalt Group Aug 2017](https://app.tidalcyber.com/references/f4ce1b4d-4f01-4083-8bc6-931cbac9ac38)][[Group IB Cobalt Aug 
2017](https://app.tidalcyber.com/references/2d9ef1de-2ee6-4500-a87d-b55f83e65900)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike Grim Spider May 2019](https://app.tidalcyber.com/references/103f2b78-81ed-4096-a67a-dedaffd67e9b)][[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)][[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA Play Ransomware Advisory December 2023](https://app.tidalcyber.com/references/b47f5430-25d4-5502-9219-674daed4e2c5)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT35 2018](https://app.tidalcyber.com/references/71d3db50-4a20-4d8e-a640-4670d642205c)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec FIN8 Jul 2023](https://app.tidalcyber.com/references/9b08b7f0-1a33-5d76-817f-448fac0d165a)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[BlackBerry BlackCat Threat 
Overview](/references/59f98ae1-c62d-460f-8d2a-9ae287b59953)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[redpiranha.net March 17 2025](/references/9399efb7-e91c-4acb-8b0f-6cde20592198)]","group_attack_id":"G3091","group_id":"1b76d6eb-ad30-4447-a32c-6e4ca9f28e63","name":"Stormous","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)][[FireEye APT10 April 
2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"21ef53d0-eadf-4172-9e84-b1970320dff4","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"4a276dc7-cd68-4f84-8524-829e72772433","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"7d9046b4-f490-481e-9ab8-9dcdc6bc25c8","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"977cddaa-5621-4b00-aed1-daaeef940e2c","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"5daf8667-56e9-4e1b-a67d-f0f74fb4a3e0","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"3f8d727a-1064-4c06-a252-174e952197ea","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"42835952-0d06-4a95-8efe-3b9209f8f19a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"64dbc312-d69b-4608-a82b-5f7c4e49fe19","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"b2b3b3c9-6a0d-4140-a7aa-9feb1ccbcb35","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"cb8f8571-ae6a-4012-852d-c429728e5616","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"bed26738-7dea-458b-ab9b-4da9047433cd","tag":"950e8d3a-044b-43e3-b5db-bba61f70ff51"},{"id":"349ccd22-c533-4632-9064-0705c60e8a2f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"3a4373e2-1581-4e1d-ae52-4abb6ec759dc","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"1e9e65fb-f4f0-494e-88f0-2c53f747b4bc","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"714f26af-0490-4722-93f3-d8bde4a678ef","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"b4e892e4-2914-4876-8747-f6ad8ee5832a","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f53f9359-2f9e-4d90-afdc-e6b858ad6c07","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"61caed8a-3ad8-4fcc-aac0-5c66fafc3245","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f111c463-31cf-4e13-9ce7-a08a511252d7","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"aa2175da-3f64-4dea-b6a9-d
dab181dfd47","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"1945584b-bb16-48a2-902d-2a1c9591efcd","name":"Psr","type":"tool","source":"Tidal Cyber","software_attack_id":"S3264","tidal_id":"5fb17f5a-d3d6-5157-ac70-0574885eece3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1ff4ff25-6d92-4b1e-9e13-b463e4be35a0","name":"Psr.exe","description":"[[Psr.exe - LOLBAS Project](/references/a00782cf-f6b2-4b63-9d8d-97efe17e11c0)]","source":"Tidal Cyber","associated_software_id":"85383485-01f9-42a5-9b44-c45c03eae766","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8454e5e4-6059-4489-86eb-c1b4eca449c9","tag":"08f4ef8d-94bb-42f7-b76d-71bcc809bcc9"},{"id":"19145481-5a3e-4035-8112-af2560d39d8d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b3811437-3083-4f8b-95f3-2dad0abf7820","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"8c35d349-2f70-4edb-8668-e1cc2b67e4a0","name":"Psylo","type":"malware","source":"MITRE","software_attack_id":"S0078","tidal_id":"5695c949-a9e2-58ee-b6ae-5a3473e677aa","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Scarlet Mimic Jan 2016](https://app.tidalcyber.com/references/f84a5b6d-3af1-45b1-ac55-69ceced8735f)]","group_attack_id":"G0029","group_id":"6c1bdc51-f633-4512-8b20-04a11c2d97f4","name":"Scarlet Mimic","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"7fed4276-807e-4656-95f5-90878b6e2dbb","name":"Pteranodon","type":"malware","source":"MITRE","software_attack_id":"S0147","tidal_id":"2e38c3ca-d24c-5605-ae4e-a15297e7ac0b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a1cda810-73ac-4485-82af-6f01e0c71e97","name":"Pterodo","description":"[[Symantec Shuckworm January 
2022](https://app.tidalcyber.com/references/3abb9cfb-8927-4447-b904-6ed071787bef)][[Secureworks IRON TILDEN Profile](https://app.tidalcyber.com/references/45969d87-02c1-4074-b708-59f4c3e39426)]","source":"MITRE","associated_software_id":"e3e379e2-1543-4794-9b89-852ba7f6eac7","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Palo Alto Gamaredon Feb 2017](https://app.tidalcyber.com/references/3f9a6343-1db3-4696-99ed-f22c6eabee71)][[Symantec Shuckworm January 2022](https://app.tidalcyber.com/references/3abb9cfb-8927-4447-b904-6ed071787bef)][[Microsoft Actinium February 2022](https://app.tidalcyber.com/references/5ab658db-7f71-4213-8146-e22da54160b3)][[Unit 42 Gamaredon February 2022](https://app.tidalcyber.com/references/a5df39b2-77f8-4814-8198-8620655aa79b)][[Secureworks IRON TILDEN Profile](https://app.tidalcyber.com/references/45969d87-02c1-4074-b708-59f4c3e39426)]","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e18614b3-cf46-4a02-9e2a-6c8f3e924cd7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c1215fe3-95e4-49e1-9cb2-54d1827df0aa","name":"PTSOCKET","type":"malware","source":"Tidal Cyber","software_attack_id":"S3175","tidal_id":"a82e9868-d35b-58e2-9f05-b5f39230b3ba","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"1d1ed92c-3ae6-4482-8a77-283ad83ebd93","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"663e4ffe-5a3f-4c1b-87ae-41181c1322c2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d5731d6e-845b-48f3-9bfe-f671b6504318","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"13ee9058-0902-484e-8096-670c882cb18d","name":"PUBLOAD","type":"malware","source":"Tidal Cyber","software_attack_id":"S3176","tidal_id":"0d581842-487b-5181-bc6a-f0c46937719f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a003d108-da09-41b5-90af-fa41d91c30ab","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"445ede70-51fe-435b-b94d-93f77e2cd277","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cca0e692-707a-4ec9-a3a2-172fca136a4f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"58883c83-d5be-42fc-b4bd-9287e55cd499","name":"Pubprn","type":"tool","source":"Tidal Cyber","software_attack_id":"S3381","tidal_id":"90f2e6ff-8d4d-58bb-8290-b84da98c7085","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ddb84c06-8f51-446c-ad1d-8c68c194a499","name":"Pubprn.vbs","description":"[[Pubprn.vbs - LOLBAS Project](/references/d2b6b9fd-5f80-41c0-ac22-06b78c86a9e5)]","source":"Tidal Cyber","associated_software_id":"a5f525c2-c9ad-4b97-be30-659bbc34107d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Twitter ItsReallyNick APT32 pubprn 
Masquerade](/references/731865ea-2410-40ac-85cf-75f768edd08a)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8d7b4378-d3e4-420c-a679-4ef6d4a37919","tag":"8177e8ac-f80d-477d-b0af-c2ea243ddf00"},{"id":"602392bc-cef8-479b-bc20-183bc8eaa4e4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6b518114-c8b0-4aa4-881d-21baa5304646","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d777204c-f93c-54d9-b80e-41641a3d55ce","name":"PULSECHECK","type":"malware","source":"MITRE","software_attack_id":"S1108","tidal_id":"d2e206ad-b5cb-5784-8b1b-24b69b5048d4","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[Mandiant Pulse Secure Zero-Day April 2021](https://app.tidalcyber.com/references/0760480c-97be-5fc9-a6aa-f1df91a314a3)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"74eb97b8-fc2c-41f0-b497-aad08a52777e","name":"Pulseway","type":"tool","source":"Tidal Cyber","software_attack_id":"S3093","tidal_id":"d066082d-34ac-5b04-8f87-bba1317c840d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"71241469-a022-4816-9ac3-f7ce87c348a4","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"a7b8b606-1ca6-4352-bcae-7749900013a6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"1650af9c-c59d-4333-aa20-dfe42abab98d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"935a4578-62b1-47be-b723-9ba2343fddd6","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"d8999d60-3818-4d75-8756-8a55531254d8","name":"PUNCHBUGGY","type":"malware","source":"MITRE","software_attack_id":"S0196","tidal_id":"39449e15-966a-5622-9304-80d5aea94d08","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4403132d-1d58-43ac-a916-805983d9bd09","name":"ShellTea","description":"[[Morphisec ShellTea June 2019](https://app.tidalcyber.com/references/1b6ce918-651a-480d-8305-82bccbf42e96)]","source":"MITRE","associated_software_id":"8f1073b3-4371-488d-b299-7e6f6e6fcae9","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye Fin8 May 
2016](https://app.tidalcyber.com/references/2079101c-d988-430a-9082-d25c475b2af5)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c49f7ecc-0b8e-400b-ba82-fc2062e93586","tag":"6c6c0125-9631-4c2c-90ab-cfef374d5198"}],"owner_name":null},{"id":"1638d99b-fbcf-40ec-ac48-802ce5be520a","name":"PUNCHTRACK","type":"malware","source":"MITRE","software_attack_id":"S0197","tidal_id":"c282d3c1-b4c8-5562-a336-4ddaa42d73e7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b0f3c20b-987b-4c29-bb83-b047ea178d52","name":"PSVC","description":"[[FireEye Know Your Enemy FIN8 Aug 2016](https://app.tidalcyber.com/references/0119687c-b46b-4b5f-a6d8-affa14258392)]","source":"MITRE","associated_software_id":"b81c8997-5615-4fc9-a091-a5842cf69819","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye Fin8 May 2016](https://app.tidalcyber.com/references/2079101c-d988-430a-9082-d25c475b2af5)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6f67300c-da3d-4ff1-a852-eee34429ca6d","tag":"6c6c0125-9631-4c2c-90ab-cfef374d5198"}],"owner_name":null},{"id":"0a8bedc2-b404-4a9a-b4f5-ff90ff8294be","name":"Pupy","type":"tool","source":"MITRE","software_attack_id":"S0192","tidal_id":"17c17841-a34e-5a28-a3d8-0ea3153e58be","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 Magic Hound Feb 2017](https://app.tidalcyber.com/references/f1ef9868-3ddb-4289-aa92-481c35517920)][[FireEye APT35 2018](https://app.tidalcyber.com/references/71d3db50-4a20-4d8e-a640-4670d642205c)][[Secureworks Cobalt Gypsy Feb 
2017](https://app.tidalcyber.com/references/f9de25b4-5539-4a33-84b5-f26a84544859)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT33 Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a381cec1-9e87-415e-9025-a6e31fc8a48d","name":"PureCrypter","type":"malware","source":"Tidal Cyber","software_attack_id":"S3007","tidal_id":"9dfd511a-8cc9-54df-94ce-909b8d5d38f9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"6b05afeb-331e-4dc2-b1c3-69bbd7f867d2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6f0224cd-8c28-4d57-b34b-7c225f024603","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"65434024-33d8-4c9f-9437-06f1f8ac46ce","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"313c78e9-488d-4fbc-a6e5-05c0df3cb8a4","name":"PuTTy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3090","tidal_id":"6c52bd24-92dd-5279-b11f-065dac26d800","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Huntress INC Ransomware August 11 2023](/references/37c82ff5-f565-445b-9fa5-bb172b5f425c)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC 
Ransom","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)][[ESET MirrorFace December 14 2022](/references/e1896c15-8f19-43e4-96b0-cfd442966b28)]","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"01acb24c-963f-45fc-bf27-a31937c2e316","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"73b8a4a7-dd65-471e-9c15-7b453edf16ac","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"596fe4d4-db66-44a2-b2bd-18cae7ed2c8a","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"33f2a8b4-d4b6-41ad-a48b-a990d946b99f","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"d8451045-3e59-4807-b5c4-e9171c067389","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"203d718c-414c-4c8e-b02a-5b33f7424ae4","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"d5ed1495-a0e5-40d2-a6d9-2358445ca1bb","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"992dfcb7-23d4-4187-a1ec-80dea2e9acbe","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"7e4e8aae-e04b-4e7f-ab31-9b0cfc7bf739","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"f5183917-b572-44e2-b683-879052d7edb9","tag":"15787198-6c8b-4f79-bf50-258d55072fee"}],"owner_name":"TidalCyberIan"},{"id":"77f629db-d971-49d8-8b73-c7c779b7de3e","name":"pwdump","type":"tool","source":"MITRE","software_attack_id":"S0006","tidal_id":"e7aaaf67-4a3e-5bf3-bd48-b82359eb09c3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT41 Aug 
2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Chafer February 2018](https://app.tidalcyber.com/references/3daaa402-5477-4868-b8f1-a2f6e38f04ef)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit42 Emissary Panda May 2019](https://app.tidalcyber.com/references/3a3ec86c-88da-40ab-8e5f-a7d5102c026b)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant FIN5 GrrCON Oct 
2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"93e36125-58bc-44c1-acbc-751a205a4200","tag":"c1f5abc0-340f-4b93-96d7-ca6ea7942b64"},{"id":"2f6c6a22-970c-4856-81b3-e1bdbffdcc43","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"51b2c56e-7d64-4e15-b1bd-45a980c9c44d","name":"PyDCrypt","type":"malware","source":"MITRE","software_attack_id":"S1032","tidal_id":"e26ed381-3ae4-5bad-b03f-6f4ff252f2aa","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Checkpoint MosesStaff Nov 2021](https://app.tidalcyber.com/references/d6da2849-cff0-408a-9f09-81a33fc88a56)]","group_attack_id":"G1009","group_id":"a41725c5-eb3a-4772-8d1e-17c3bbade79c","name":"Moses Staff","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9901f10d-fc94-41ff-9e34-7cb5ad6b1709","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"0397d3ac-4a8f-4ec9-bab8-620eccfe3012","name":"PylangGhost","type":"malware","source":"Tidal Cyber","software_attack_id":"S3508","tidal_id":"f4c26108-a1a1-5b65-bc68-dcf72137659b","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cisco Talos Blog June 18 2025](/references/bd498a3d-c411-41b1-b55a-f700aaf5e166)]","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"b6988ac5-cf49-4ea8-b149-ad3843a26180","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"1a540af5-6537-4f88-8037-dabda373e145","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"12de014f-356c-4fa7-95e3-50c1175894c9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e0d5ecce-eca0-4f01-afcc-0c8e92323016","name":"Pysa","type":"malware","source":"MITRE","software_attack_id":"S0583","tidal_id":"fff82c21-7e4e-550c-98f3-ad32a32572b8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"300e845e-5b85-4dd8-a8f1-6202c1cbbb45","name":"Mespinoza","description":"[[CERT-FR PYSA April 2020](https://app.tidalcyber.com/references/4e502db6-2e09-4422-9dcc-1e10e701e122)][[DFIR Pysa Nov 2020](https://app.tidalcyber.com/references/a00ae87e-6e64-4f1c-8639-adca436c217e)][[NHS Digital Pysa Oct 2020](https://app.tidalcyber.com/references/5a853dfb-d935-4d85-a5bf-0ab5279fd32e)]","source":"MITRE","associated_software_id":"da345299-97db-4e76-b81f-265ebd54cbcb","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"26ad2d39-632d-423b-af84-d34d42ab2d59","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"e262c17a-6b89-4bee-bdb2-eeaa4ed6fb1f","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"def8a90c-49c9-4983-b960-cd77fa5467f3","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"0e1b5794-096a-48b3-9c75-25d767e5a5bf","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"141d7509-9274-4088-95d3-df5b59308cc7","name":"pysoxy","type":"tool","source":"Trellix TIG","software_attack_id":"S3423","tidal_id":"a57385c7-1218-5dd6-aea2-e6dd3a89c471","platforms":[],"associated_software":[{"id":"b5f04628-78b9-48ff-853c-067e4262450f","name":"PySoxy tunneler","description":"","source":"Trellix 
TIG","associated_software_id":"6048dd51-7c32-4553-9900-69d4267cee24","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"bd0de85a-3618-4b38-8642-c553e49865e0","name":"python.exe","type":"tool","source":"Trellix TIG","software_attack_id":"S3430","tidal_id":"b437d325-9b6b-546e-a42f-37191906bf1b","platforms":[],"associated_software":[{"id":"44226774-1945-4078-b5da-67d406ec5c0a","name":"python","description":"","source":"Trellix TIG","associated_software_id":"6a3538c2-31c8-4cec-bb3d-e09bfbf478ba","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"5ed73469-987e-44d8-9c94-878d45193137","name":"pythonw","description":"","source":"Trellix TIG","associated_software_id":"76a32f72-952f-4c20-9ed3-b3ed277e0ef6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"fef3df5b-7b33-473c-87b4-fc466e5c94ff","name":"pythonw.exe","description":"","source":"Trellix TIG","associated_software_id":"cdf3207a-4c7f-4982-a74c-c3f81998a946","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"15fbf26d-47b3-41a8-9e06-d634bcb1ab8c","name":"PyXie RAT","type":"malware","source":"Trellix TIG","software_attack_id":"S3399","tidal_id":"ae335675-9306-5749-b6fe-3b78774953af","platforms":[],"associated_software":[{"id":"cb380380-3471-49d8-b949-c2c8197e69c2","name":"PyXie","description":"","source":"Trellix TIG","associated_software_id":"bacec3a6-0d63-4e87-88c8-49ee44ddf6b8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c330dacc-4c8d-48d0-9ae6-1b642ac31ee1","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"52d7f02c-9b27-4a80-bdfc-c78c8cd8c2f9","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"9050b418-5ffd-481a-a30d-f9059b0871ea","name":"QakBot","type":"malware","source":"MITRE","software_attack_id":"S0650","tidal_id":"bfbd1f4e-0d0d-5b90-9460-03d56a5c5f11","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8af95392-abee-4203-8b47-cf68adab9b9e","name":"QuackBot","description":"[[Kaspersky QakBot September 2021](https://app.tidalcyber.com/references/f40cabe3-a324-4b4d-8e95-25c036dbd8b5)]","source":"MITRE","associated_software_id":"e26ce4bb-2117-4f21-be70-5cb4c448c303","owner_id":null,"owner_name":null},{"id":"bd740660-b68f-4f6b-b349-519a6db9ca23","name":"QBot","description":"[[Trend Micro Qakbot December 2020](https://app.tidalcyber.com/references/c061ce45-1452-4c11-9586-bd5eb2d718ab)][[Red Canary 
Qbot](https://app.tidalcyber.com/references/6e4960e7-ae5e-4b68-ac85-4bd84e940634)][[Kaspersky QakBot September 2021](https://app.tidalcyber.com/references/f40cabe3-a324-4b4d-8e95-25c036dbd8b5)][[ATT QakBot April 2021](https://app.tidalcyber.com/references/c7b0b3f3-e9ea-4159-acd1-f6d92ed41828)]","source":"MITRE","associated_software_id":"11b32ebe-8ee3-46bc-aaf0-b0761dfa9c0c","owner_id":null,"owner_name":null},{"id":"986bf1c1-04d0-414f-bcaf-d809ec422091","name":"Pinkslipbot","description":"[[Kaspersky QakBot September 2021](https://app.tidalcyber.com/references/f40cabe3-a324-4b4d-8e95-25c036dbd8b5)][[ATT QakBot April 2021](https://app.tidalcyber.com/references/c7b0b3f3-e9ea-4159-acd1-f6d92ed41828)]","source":"MITRE","associated_software_id":"96dcc3d3-057c-4e81-b833-a9f09c1f3194","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Latrodectus APR 2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) operations have included deployment of [QakBot](https://app.tidalcyber.com/software/9050b418-5ffd-481a-a30d-f9059b0871ea).[[Microsoft Storm-1811 2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ATT QakBot April 
2021](https://app.tidalcyber.com/references/c7b0b3f3-e9ea-4159-acd1-f6d92ed41828)]","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bfcd4bbd-ca94-47cf-b436-2d34d0455825","tag":"31f0198c-f5f6-439e-a2ca-e45090194070"},{"id":"7406b959-686c-42fe-9737-bc215d8f5117","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"63c4a56f-d48f-459e-8600-1477d7af96ff","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"faecc696-ecc3-45a1-b06a-8014aeb4ad7b","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"6ac7d1e7-9d42-41b2-b7f7-f4094e9202c7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a4f3f121-e313-45d8-b2a7-2cd02a808e69","tag":"e096f0dd-fa2c-4771-8270-128c97c09f5b"},{"id":"c15ede1c-a400-4882-9d0c-20ffb3f31ee0","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"b6c70553-69b7-4c6d-8c56-bf7b90a0f586","name":"QDoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3469","tidal_id":"78c7390c-a157-50c3-bca4-37834c9e5671","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ConnectWise LinkedIn September 25 2024](/references/b83aacf3-26b4-4913-85f2-95cbd1d08bcc)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group SafePay March 10 2025](/references/5d63bb19-02d7-47b2-a120-9601ba09d99e)]","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"142ada54-efed-4e27-84e1-99dc92bee412","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"69d8b304-e6d2-42fc-b036-afc35c6c2a1a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9d232a11-8e52-430e-8de8-cc9d4d329080","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3b78dda9-d273-4ffc-9a9f-75e80178c7b2","name":"Qilin Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3141","tidal_id":"bed30690-2f43-5049-bf93-96d576486923","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e88189ae-bd14-4c44-b103-f7b06057d828","name":"Agenda","description":"[[Trend Micro March 26 2024](/references/d5634b8e-420a-4721-a3d2-19d9f36697f4)]","source":"Tidal Cyber","associated_software_id":"86445703-67c0-4dc3-9529-c75ffd3bfc92","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d9d8cb18-13e9-44d4-9844-355454aedfc8","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"8c82194d-2110-4e8b-bc83-2c6d93df3118","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"717337c5-4be1-4e3d-930d-aadc7f3ddc0b","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"411159f9-e2ab-499a-ad82-45d77a5e4264","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"e2ae14a2-3cfe-4bef-890b-f9231a26abd2","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"36bff74f-7969-48a5-bb31-d4be4c52224f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"01a33c16-7eb3-4494-8c05-b163f871b951","name":"Qilin Ransomware (Linux)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3123","tidal_id":"73eaf1cd-79d8-5f66-a39c-b33311ca4a4f","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"cdd7dce9-aa26-4913-991f-3cf4aa5cd867","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"9768df75-ca18-4a00-b0cf-0db2a69d84a8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"063e3136-a2e4-4049-99ba-d27b2d8d41f2","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"799727c5-27b5-41dd-a557-1a63f99f0e82","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"0d01b9cf-8276-46c2-8cb4-1c8a4cb12ab3","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"5150615e-2edb-4f19-bafe-a00697eaa741","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"adcf70d6-74e0-4436-bc92-f05bc924bf80","name":"Quad7 Botnet","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3171","tidal_id":"17cf18fc-5abe-5501-9e12-7974921563fc","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[{"id":"7b46724b-338a-4f43-9dd5-7cc49477247a","name":"xlogin","description":"[[Microsoft Storm-0940 October 31 2024](/references/09651ef7-0052-4ba0-b369-7990de978485)]","source":"Tidal Cyber","associated_software_id":"2bdfa7f0-19c9-488d-84c6-496c63b19d4c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"b8ebc87e-86b6-426b-8af7-446d2f4a5ffb","name":"CovertNetwork-1658","description":"[[Microsoft Storm-0940 October 31 2024](/references/09651ef7-0052-4ba0-b369-7990de978485)]","source":"Tidal Cyber","associated_software_id":"5d8bfd1b-4662-4faa-b3a4-8ca4914c0d39","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"c5777f58-9e30-4d71-9350-238ad980acfc","name":"7777 Botnet","description":"[[Sekoia.io Blog July 23 2024](/references/ae84e72a-56b3-4dc4-b053-d3766764ac0d)]","source":"Tidal Cyber","associated_software_id":"fea64137-62f2-4d5f-be77-97ea0b0aa54d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Sekoia.io Blog July 23 2024](/references/ae84e72a-56b3-4dc4-b053-d3766764ac0d)]","group_attack_id":"G3052","group_id":"bf3d1108-0bcd-47ae-8d71-4df48e3e2b43","name":"Quad7 Botnet Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c204a1d0-2fb4-4c30-8776-0408a9f5ad80","tag":"9768aada-9d63-4d46-ab9f-d41b8c8e4010"},{"id":"c585ba7a-775a-43dc-ae8e-e18eedb859b1","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"82f000f0-6d83-4b52-8402-158d05ce6049","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"715ed169-911c-49c6-bbaf-3bc3aad37000","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"79832da8-da56-4a4d-943f-eeafbe8e0e81","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7101789b-16d6-47a5-bbbb-62d30ed83f93","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2bf68242-1dbd-405b-ac35-330eda887081","name":"QUADAGENT","type":"malware","source":"MITRE","software_attack_id":"S0269","tidal_id":"796f2374-d8e0-53d6-8036-8c398421a00f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 QUADAGENT July 2018](https://app.tidalcyber.com/references/320f49df-7b0a-4a6a-8542-17b0f56c94c9)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2a9a1823-0eb4-4f34-8c8d-bbc255c9600a","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"b0c18cd8-a859-4cd2-9558-33e5bcd4610c","name":"Quantum Locker","type":"malware","source":"Tidal Cyber","software_attack_id":"S3184","tidal_id":"002a36c5-05a2-5ad2-b867-c1f220dcae57","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"21a548c6-d062-414f-a2cb-033ea588cbf6","name":"Quantum Ransomware","description":"","source":"Tidal Cyber","associated_software_id":"82e53718-77dc-4085-bf1a-1b1ecc3691bd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[MSTIC Vanilla Tempest September 18 
2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason Quantum Ransomware May 9 2022](/references/19027620-216a-4921-8d78-f56377778a12)]","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"be4dee41-5203-4f3a-968a-2bc49668fc52","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"b9123ac6-3abf-4b5a-b0b9-cb037d2741e4","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ddcfd31d-6fb8-4c69-af92-6defdf5a0330","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"f9ee4b73-4ec7-4615-be19-fe482112ee69","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5ed1e197-2679-4a71-9a02-90e1d4e27471","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4bab7c2b-5ec4-467e-8df4-f2e6996e136b","name":"QuasarRAT","type":"tool","source":"MITRE","software_attack_id":"S0262","tidal_id":"a0086ecf-48df-5078-8fa4-e4c0df614e7b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"293643d5-aeb3-4b1a-8cb4-79c0c0d19f7d","name":"xRAT","description":"[[TrendMicro Patchwork Dec 2017](https://app.tidalcyber.com/references/15465b26-99e1-4956-8c81-cda3388169b8)][[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","source":"MITRE","associated_software_id":"cc118a28-e714-416e-bf2d-e82525f4782d","owner_id":null,"owner_name":null}],"groups":[{"description":"[[TrendMicro Patchwork Dec 2017](https://app.tidalcyber.com/references/15465b26-99e1-4956-8c81-cda3388169b8)][[Volexity Patchwork June 
2018](https://app.tidalcyber.com/references/d3ed7dd9-0941-4160-aa6a-c0244c63560f)]","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)][[Mandiant APT43 Full PDF Report](https://app.tidalcyber.com/references/b5414a09-0da6-5d8c-bcca-47df9a469ec0)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Unit 42 Gorgon Group Aug 2018](https://app.tidalcyber.com/references/d0605185-3f8d-4846-a718-15572714e15b)]","group_attack_id":"G0078","group_id":"efb3b5ac-cd86-44a2-9de1-02e4612b8cc2","name":"Gorgon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ESET BackdoorDiplomacy Jun 2021](https://app.tidalcyber.com/references/127d4b10-8d61-4bdf-b5b9-7d86bbc065b6)]","group_attack_id":"G0135","group_id":"e5b0da2b-12bc-4113-9459-9c51329c9ae0","name":"BackdoorDiplomacy","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Check Point Research Blind Eagle March 10 2025](/references/4a9b874a-8ed3-476d-8da2-d59e081c4b40)]","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec Elfin Mar 
2019](/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[DOJ APT10 Dec 2018](https://app.tidalcyber.com/references/3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2)][[Symantec Cicada November 2020](https://app.tidalcyber.com/references/28a7bbd8-d664-4234-9311-2befe0238b5b)][[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5d233127-5736-478b-9cbe-39adda2bb2f7","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"f90aae4d-4eea-479e-8c0e-0d7fc67312d8","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"07fde49b-6b86-5053-b953-a13a2171e53a","name":"Quick Assist","type":"tool","source":"MITRE","software_attack_id":"S1209","tidal_id":"07fde49b-6b86-5053-b953-a13a2171e53a","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) used [Quick Assist](https://app.tidalcyber.com/software/07fde49b-6b86-5053-b953-a13a2171e53a) as part of social engineering activity to interact with victims to install follow-on malicious software.[[Microsoft Storm-1811 
2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)]","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]","group_attack_id":"G3081","group_id":"a1a03a84-1d75-40a3-916e-d3e0d1068d11","name":"CURLY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5d9f0a9f-8cf2-45a5-af34-c88c92dd3177","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"dbc2f77a-0f9e-428a-82c3-8954db3f8b02","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"40ff8929-7f00-439e-a091-a0b01a6d46d4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"9c4f3f26-c391-4b2c-9dd4-e4bb9bbc5ea3","name":"Quick Assist (Deprecated)","type":"tool","source":"Tidal Cyber","software_attack_id":"S3134","tidal_id":"f3909a3b-ef91-5d9e-b34d-ac97e4382639","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]","group_attack_id":"G3081","group_id":"a1a03a84-1d75-40a3-916e-d3e0d1068d11","name":"CURLY 
SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d00690d8-ed58-4a28-b6cf-41e9f0e4f7ec","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4b6cfd78-babf-4ff6-8031-c1f30b151b0a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"3993a383-5bdf-4144-bc2a-32ea9040bafe","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"9dbe856f-dd50-490d-86f1-8cd4514f31e3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"19d9e2e7-20fd-41e8-8c2c-38c5b76eed79","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"52d3515c-5184-5257-bf24-56adccb4cccd","name":"QUIETCANARY","type":"malware","source":"MITRE","software_attack_id":"S1076","tidal_id":"5db9b5ce-07bf-5d46-9882-6e4d5e644223","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bcc438cd-d1be-59be-b12e-b83d4dfd571e","name":"Tunnus","description":"[[Mandiant Suspected Turla Campaign February 2023](https://app.tidalcyber.com/references/d8f43a52-a59e-5567-8259-821b1b6bde43)]","source":"MITRE","associated_software_id":"9f3ab541-3447-4e2e-9f35-f7f1f7328385","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Mandiant Suspected Turla Campaign February 2023](/references/d8f43a52-a59e-5567-8259-821b1b6bde43)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[],"owner_name":null},{"id":"947ab087-7550-577f-9ae9-5e82e9910610","name":"QUIETEXIT","type":"malware","source":"MITRE","software_attack_id":"S1084","tidal_id":"559485c8-1864-561a-8816-53f178ae4aa4","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT29 Eye Spy Email Nov 22](https://app.tidalcyber.com/references/452ca091-42b1-5bef-8a01-921c1f46bbee)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b0f13546-232f-455a-8abe-b3e7ea122175","tag":"33d35d5e-f0cf-4c66-9be3-a3ffe6610b1a"}],"owner_name":null},{"id":"dcdb74c5-4445-49bd-9f9c-236a7ecc7904","name":"QuietSieve","type":"malware","source":"MITRE","software_attack_id":"S0686","tidal_id":"988bca19-9727-5e95-8120-7f0204773a7c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Actinium February 2022](https://app.tidalcyber.com/references/5ab658db-7f71-4213-8146-e22da54160b3)]","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3784d233-1b33-4312-b991-d78fb2021875","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"7b78eb31-f251-493b-8058-14a3452e8ccc","name":"Quser","type":"tool","source":"Tidal Cyber","software_attack_id":"S3076","tidal_id":"ffa44289-4f43-5b1b-b58c-40d3b9d6bf7e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8d4eeb76-9f88-4994-adc2-244ed77b0606","name":"Quser.exe","description":"","source":"Tidal Cyber","associated_software_id":"b75127d4-1d6e-49fe-9919-fe5e471be7c2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Volt Typhoon February 7 2024](/references/c74f5ecf-8810-4670-b778-24171c078724)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"54106106-fd6c-4653-9e59-abcaf028f993","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"3d41e944-5f66-4a54-96d2-ff083ab98542","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"c5826ff4-127d-4c0c-9270-21f11ce16b41","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"16701646-f1d9-46a0-81d9-163426e4889b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"e20c1b98-2719-4c36-bb88-50984bb92f32","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"0d90523b-d39f-4845-8688-455ea584a733","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"5db6ea45-2d6f-419f-9bb6-0456a5e83d6d","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"7b1ecc53-eda8-4a0a-9ced-7e49f96c2eff","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"51e11717-52ea-443b-9985-4af7c5884d04","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"8d717889-a101-54a8-8c8c-4aee8423d151","name":"Raccoon 
Stealer","type":"malware","source":"MITRE","software_attack_id":"S1148","tidal_id":"8d717889-a101-54a8-8c8c-4aee8423d151","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"ea42473e-8e09-472a-b5f9-e120c7b083c1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b8d8dd47-5c6a-4242-88d1-acea15ab3bd5","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"33c0f985-3e1e-4901-bfee-d3c81bba0d71","name":"Radmin","type":"tool","source":"Tidal Cyber","software_attack_id":"S3120","tidal_id":"2c460e9e-b1c4-53fe-9e7a-88f162c7d470","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Group IB Silence Sept 2018](/references/10d41d2e-44be-41a7-84c1-b8f39689cb93)]","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sophos Akira May 9 2023](/references/1343b052-b158-4dad-9ed4-9dbb7bb778dd)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"bcf5dd63-cf99-43cc-aa8a-2a65cdcf912b","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"44e1f006-207b-4fcd-8220-7f223f855f10","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"bd3347ce-5a61-452d-84ee-7ecc3816d90d","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"52d3547a-f5c1-45e0-86b4-1835948b5990","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5b0ba37d-f758-4669-b2fa-b121e6ce557a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d2388882-b228-422f-9182-07291b6c5fd4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"1f091b1e-7001-4cf0-ac73-9a5cd5c6ed21","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"3b88cde9-4cd5-49a9-a074-ca4353b1c075","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"d25f7acd-a995-4b8b-8ffe-ccc9703cdf5f","name":"Ragnar Locker","type":"malware","source":"MITRE","software_attack_id":"S0481","tidal_id":"5aaa5eb2-6810-5b68-afe1-3d11af01515f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec FIN8 Jul 
2023](https://app.tidalcyber.com/references/9b08b7f0-1a33-5d76-817f-448fac0d165a)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"a57e8b86-aca3-42fa-8799-c90c7400c7ce","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"72d6aafa-6b34-48a1-80d3-dfc8dabaf508","tag":"cb5803f0-8ab4-4ada-8540-7758dfc126e2"},{"id":"9e4bf24b-d3e7-427c-8eba-54199744cad2","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ecc6f1ee-00f1-4f36-9565-d09a19c35646","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"80295aeb-59e3-4c5d-ac39-9879158f8d23","name":"Raindrop","type":"malware","source":"MITRE","software_attack_id":"S0565","tidal_id":"a62c0cd6-20f7-522c-ab31-a6131f1ae60c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec RAINDROP January 2021](https://app.tidalcyber.com/references/9185092d-3d99-466d-b885-f4e76fe74b6b)][[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)][[Secureworks IRON RITUAL Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5861b329-90f9-44f4-a069-7f82fe553dd0","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"42b775bd-0c1d-4ad3-8f7f-cbb0ba84e19e","name":"RainyDay","type":"malware","source":"MITRE","software_attack_id":"S0629","tidal_id":"becd4845-7637-54b6-8a0f-fe9353835caf","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Bitdefender Naikon April 
2021](https://app.tidalcyber.com/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"15f1d454-b5a4-4100-8b42-a9805ea38231","name":"RALord Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3474","tidal_id":"9537b14e-e8b5-50d7-9ab5-a8d4cb375771","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8cbcc27c-1070-4206-92fa-ff852c379fc1","name":"RLord Ransomware","description":"[[SonicWall Nova Ransomware April 11 2025](/references/4926be5f-0eea-44cc-a73e-2f173eee901b)]","source":"Tidal Cyber","associated_software_id":"1a2c72e1-ae9a-4401-aa2e-069da55ba707","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[SonicWall Nova Ransomware April 11 2025](/references/4926be5f-0eea-44cc-a73e-2f173eee901b)]","group_attack_id":"G3101","group_id":"0c26f51f-35d8-40e8-9ad0-e5092cb3c04e","name":"Nova RaaS","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e57cf027-b51b-4787-b2fa-4e1110211554","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"abfda409-aed1-49c0-857e-c3d23cad5348","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"93f4ff4c-2a53-424a-8705-c031a1b63800","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"dc307b3c-9bc5-4624-b0bc-4807fa1fc57b","name":"Ramsay","type":"malware","source":"MITRE","software_attack_id":"S0458","tidal_id":"3dbb440b-be2a-5add-af70-33f5cf4f7946","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c8bbabe2-1b06-4ba5-b505-623e25eb8f6c","name":"RansomEXX Ransomware","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3398","tidal_id":"6a31557f-e56e-52b6-8a31-783c9ccc381c","platforms":[],"associated_software":[{"id":"6950e0e4-adee-4393-97ec-67f2eb168657","name":"RansomEXX","description":"","source":"Trellix TIG","associated_software_id":"d4ad6a33-d475-4233-a040-ab29ab70023e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"e84b7784-63bd-44ed-9b87-fbfdea147cb4","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"8271849f-77f9-5a38-812e-7b6a348b01c4","name":"RansomHub","type":"malware","source":"MITRE","software_attack_id":"S1212","tidal_id":"8271849f-77f9-5a38-812e-7b6a348b01c4","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[WeLiveSecurity 
CosmicBeetle September 10 2024](/references/8debba29-4d6d-41d2-8772-f97c7d49056b)]","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6d56d62e-c609-4408-b577-1913c464327c","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"ae3770b1-6b80-478f-8b06-5a032466ea20","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"829b6663-99a2-4c7d-94cf-9e0bc3f95fd9","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b89c5a21-7882-4b81-bf64-5aceebf63fd5","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"4409fd10-d846-421e-a611-60307014075a","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"8fa92c6d-d80b-452e-a46b-3fd1168b7593","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"fe38aa3b-89e3-49a6-9df5-1e012575a16a","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"a3044fb5-3aae-4590-b589-cc88bf0d1f34","name":"RansomHub (Payload) (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3140","tidal_id":"3d2554e4-9b29-5a1e-8abe-dca38d2c847c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[WeLiveSecurity CosmicBeetle September 10 2024](/references/8debba29-4d6d-41d2-8772-f97c7d49056b)]","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"79d57a87-daf6-4a9a-a4c1-87577bd6e02a","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"2bd8242a-b3e5-4a43-a659-c8a44175b0d5","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a9d78c8a-ecaa-4c5c-bf81-86783c02bfaf","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"3d48c59f-7ff7-4950-b383-cb702b18cfc3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0c11b372-b302-4762-8a10-6dbfc5d16f00","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"ffb92556-29aa-4baf-83f3-fa9b7ef2dfb0","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"3a1856f0-7846-42b7-a0c3-0625840727b6","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"3fa08a50-ceac-4d6f-aa15-c240b2044bda","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"7d71209f-7eb7-4231-b388-fcb4e8a48c25","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"129abb68-7992-554e-92fa-fa376279c0b6","name":"RAPIDPULSE","type":"malware","source":"MITRE","software_attack_id":"S1113","tidal_id":"7928f9e2-211d-58c9-889e-0d0adf4e2e78","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[Mandiant Pulse Secure Update May 
2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6d516363-4f83-4ba9-9726-1821b167e5e3","name":"Raptor Train","type":"malware","source":"Tidal Cyber","software_attack_id":"S3188","tidal_id":"0b43d3f4-14bb-5ac4-b1b6-092f2cc48f8e","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"[[Black Lotus Raptor Train September 18 2024](/references/21e26577-887b-4b8c-a3f8-4ab8868bed69)][[FBI PRC Botnet September 18 2024](/references/cfb6f191-6c43-423b-9289-02beb3d721d1)]","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f79ca0e1-72bd-4634-8678-2f683f03b1f9","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"ba587d1d-d7ba-418f-a462-45b91d9230a6","tag":"8e674409-2923-4b4e-bc38-c1c06d24c126"},{"id":"685b5962-47ed-4ea0-902b-884a4dbbcb96","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"f198a92a-cecb-4a84-865a-b1792e758068","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"440d0044-d787-4fca-9a42-43e729c822ba","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"044debd3-91ab-4f1d-b69f-a8f81c43b804","tag":"33d35d5e-f0cf-4c66-9be3-a3ffe6610b1a"},{"id":"63fb10c3-a3c3-4816-9122-d72625927d5f","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"a66c3231-1f17-47c5-8be6-a329b7ae9de8","tag":"70dc52b0-f317-4134-8a42-71aea1443707"},{"id":"0cf0e746-fc43-4b9b-ae28-b951b4471396","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"e8ab1352-c5e2-46cb-8030-b5b62acf1f96","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"dbbf084c-53d4-4dba-b872-6bb195a6ad8e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id
":"a9c9fda8-c156-44f2-bc7e-1b696f3fbaa2","name":"RARSTONE","type":"malware","source":"MITRE","software_attack_id":"S0055","tidal_id":"635905ca-a46c-55fc-b056-140e5f727daf","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)][[CameraShy](https://app.tidalcyber.com/references/9942b6a5-6ffb-4a26-9392-6c8bb9954997)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"796e7f6f-7cc0-4bba-8268-12d30caf04b5","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8d34715e-1018-40fc-bf09-4eca69be830e","name":"Rasautou","type":"tool","source":"Tidal Cyber","software_attack_id":"S3265","tidal_id":"18303f80-3a3d-5baf-89ba-8d39854d4302","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4633eaeb-d4db-43ae-bb44-d339ca0d0085","name":"Rasautou.exe","description":"[[Rasautou.exe - LOLBAS Project](/references/dc299f7a-403b-4a22-9386-0be3e160d185)]","source":"Tidal Cyber","associated_software_id":"4a94b274-9bc0-4c51-82d7-e82f6e107b9c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0239bab9-ef1a-478d-be0d-2b6fee4e8706","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"85a814b9-b7ab-41eb-9170-81fb294ed830","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"22841966-6888-5ae5-8546-fd777cd66ca4","name":"Raspberry Robin","type":"malware","source":"MITRE","software_attack_id":"S1130","tidal_id":"22841966-6888-5ae5-8546-fd777cd66ca4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Threat Intelligence Tweet April 26 
2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)]","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1eb60161-68a1-47f2-9a37-2c219a67866f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"5478387a-47d8-4e72-bd2f-4486883030c7","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"f7b770b9-f348-4055-b294-1801a896c7c9","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"38b82e9b-2cd9-4954-9799-e9283e2bac8f","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"92c59cec-cdef-4d3b-a42a-7d1ee77b74e1","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"d3523afc-cc3a-46b9-a12b-5be99dbe3143","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"09ff615c-65c8-49b4-ba56-d50e2b0c9356","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"3cb6c997-3d13-46e0-81b2-0d1bbeecd990","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"40466d7d-a107-46aa-a6fc-180e0eef2c6b","name":"RATANKBA","type":"malware","source":"MITRE","software_attack_id":"S0241","tidal_id":"0f107edf-67fe-5c60-af21-79903eb775c0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Lazarus RATANKBA](https://app.tidalcyber.com/references/e3f9853f-29b0-4219-a488-a6ecfa16b09f)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"76f6151c-06eb-4798-bac7-b7e5a38fcc15","name":"RattyRAT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3515","tidal_id":"5f4f964d-025d-504d-8181-636ca04e175c","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA Scattered Spider Advisory November 2023](/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a31fcdda-5526-4472-9f3c-3a220036421b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8c6c562f-c614-4fad-9b0c-f66583d91a4d","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"99e19a21-f9a6-4f67-8ad6-9b127725b24a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"cc804db1-49cb-4553-b44e-33c093354c42","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"2f90e10b-edbc-4887-86eb-d6f3c85db488","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a45c5074-c8ba-475f-9fb4-7fc82f7b8577","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"d86a562d-d235-4481-9a3f-273fa3ebe89a","name":"RawDisk","type":"tool","source":"MITRE","software_attack_id":"S0364","tidal_id":"0a25f949-e139-53d4-a4f0-260002d5e5c3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Novetta Blockbuster](https://app.tidalcyber.com/references/bde96b4f-5f98-4ce5-a507-4b05d192b6d7)][[Novetta Blockbuster Destructive Malware](https://app.tidalcyber.com/references/de278b77-52cb-4126-9341-5b32843ae9f1)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"0d282dc3-4819-4796-8e39-e1fa3c34b73d","name":"RA 
World","type":"malware","source":"Tidal Cyber","software_attack_id":"S3497","tidal_id":"eaef74a9-35ea-531c-9d5d-2d8f0adbddcd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"3f398d92-7a45-4f35-ab50-052ca1e20ec7","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"55ed8828-27c1-4502-92ec-2cdcc9bca088","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"35c36498-8976-49f2-a518-6093e5be62a1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0c2956ba-a718-46b7-962a-64d81ebc1cc9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6ea1bf95-fed8-4b94-8071-aa19a3af5e34","name":"RawPOS","type":"malware","source":"MITRE","software_attack_id":"S0169","tidal_id":"fa6db3b3-a3bd-5cd0-a588-a445659498f9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"419644f0-860d-4de4-8d44-91be643eff77","name":"DUEBREW","description":"The DUEBREW component is a Perl2Exe binary launcher. [[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)] [[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)]","source":"MITRE","associated_software_id":"2f190c9a-f999-4e44-8083-619225ef7890","owner_id":null,"owner_name":null},{"id":"9d1c1d90-38d5-4da7-9f74-ebe24170d01c","name":"DRIFTWOOD","description":"The DRIFTWOOD component is a Perl2Exe compiled Perl script used by FIN5 (G0053) after they have identified data of interest on victims. 
[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)] [[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)]","source":"MITRE","associated_software_id":"61841581-51bc-4559-b87f-e3fbadf40eb7","owner_id":null,"owner_name":null},{"id":"ea5a6334-00e8-4eeb-93c5-82cab199ae2e","name":"FIENDCRY","description":"The FIENDCRY component is a memory scraper based on MemPDump that scans through process memory looking for regular expressions. Its stage 1 component scans all processes, and its stage 2 component targets a specific process of interest. [[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)] [[Github Mempdump](https://app.tidalcyber.com/references/f830ed8b-33fa-4d1e-a66c-41f8c6aba69c)] [[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)]","source":"MITRE","associated_software_id":"d6d49a18-4cf9-4ba3-906c-0091494c42e4","owner_id":null,"owner_name":null}],"groups":[{"description":"[[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)][[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4","name":"Rclone","type":"tool","source":"MITRE","software_attack_id":"S1040","tidal_id":"6248e118-f6ec-5a6e-a983-955b35b2ce4b","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 
2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Arctic Wolf Akira 2023](https://app.tidalcyber.com/references/aa34f2a1-a398-5dc4-b898-cdc02afeca5d)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Emperor Dragonfly October 2022](https://app.tidalcyber.com/references/f9e40a71-c963-53de-9266-13f9f326c5bf)]\n","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & 
Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Daixin Team October 2022](/references/cbf5ecfb-de79-41cc-8250-01790ff6e89b)]","group_attack_id":"G3007","group_id":"07bdadce-905e-4337-898a-13e88cfb5a61","name":"Daixin Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Resecurity BlackLock March 25 2025](/references/2977c45f-3a7a-42ae-be59-378aa288dc24)]","group_attack_id":"G3109","group_id":"fea2db0e-e6a6-44f1-9b5a-2d00744c388b","name":"BlackLock Ransomware Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Hive November 25 2022](/references/fce322e6-5e23-404a-acf8-cd003f00c79d)]","group_attack_id":"G3041","group_id":"05cd82bb-f8fc-40f3-83ba-1586ef953d05","name":"Hive Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [Rclone](https://app.tidalcyber.com/software/1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) to exfiltrate information from victim environments.[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Huntress INC Ransomware May 2024](https://app.tidalcyber.com/references/3ebccffe-d56d-594a-9548-740cf88a453b)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"1bd9a8a7-025b-4846-9bc9-b2c4396af7cb","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"3c51117d-0c34-42f2-9ae9-9030cb3d2858","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"6d137223-beac-4b5d-a024-9b5b5c223dc9","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"b9635ab8-fcaf-4345-b1ee-d39bd9e5141b","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"7d400de3-ad66-497d-87fc-f8244e7350fa","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"7a293406-1631-44fa-9394-6bf0622e0694","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"d2625dcd-7de4-4862-bc23-52cf00e2d75f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"56f92e93-0e38-456a-b513-a140e0e22bad","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"1e95202e-53c1-4141-91c1-fc659ccb821f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"29d86902-b4aa-4f37-b9bc-800eda0257f4","tag":"a40b7316-bef6-4186-9764-58ce6f033850"},{"id":"f7321455-1c23-4a2c-be1f-cf9c83395916","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a5708741-369d-4df6-96fd-a37534d80757","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"6c52084b-578f-468c-9fe1-c369bdf13517","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"4d92673d-48aa-4dc2-81d0-dd39ff885b12","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"87f84093-440c-4246-9e7e-5d13d69b5692","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2db5bc53-8e6c-42e1-b4a7-6d25895f7449","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"1ee8e117-761f-4a7c-b659-c6a1f37e3238","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"03051282-02c8-49f6-8377-05308fcd351f","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"653099bf-be0d-49f5-9ee6-4655038a39e9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"38c4d208-fe38-4965-871c-709fa1479ba3","name":"RCSession","type":"malware","source":"MITRE","software_attack_id":"S0662","tidal_id":"6e9f559a-a0b3-5216-8c29-bce10552b2dd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23"
,"name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)][[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)][[Profero APT27 December 2020](https://app.tidalcyber.com/references/0290ea31-f817-471e-85ae-c3855c63f5c3)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks BRONZE PRESIDENT December 2019](https://app.tidalcyber.com/references/019889e0-a2ce-476f-9a31-2fc394de2821)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c593846c-bff0-4049-8f07-f5aa00bfea31","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9a5cff11-6bad-407a-a53c-2562a56ac024","name":"rcsi","type":"tool","source":"Tidal Cyber","software_attack_id":"S3354","tidal_id":"e179813f-d357-543b-9cf1-3e659e92702d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"810f4a0a-ef9d-4771-8c97-9803508cdba3","name":"rcsi.exe","description":"[[rcsi.exe - LOLBAS Project](/references/dc02058a-7ed3-4253-a976-6f99b9e91406)]","source":"Tidal 
Cyber","associated_software_id":"c0f4b154-5dac-40e7-b6d0-eb111c1da58c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"f2f05461-3722-4ea2-9e2a-fa266693f2ef","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d00d5fae-3c67-4598-bc55-12fce093fd8f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"567da30e-fd4d-4ec5-a308-bf08788f3bfb","name":"RDAT","type":"malware","source":"MITRE","software_attack_id":"S0495","tidal_id":"b59b94ea-4746-5342-89ca-10e8b735175d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit42 RDAT July 2020](https://app.tidalcyber.com/references/2929baa5-ead7-4936-ab67-c4742afc473c)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e94842ce-c2c6-4872-bbb5-90e8300f071d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ca4e973c-da15-46a9-8f3a-0b1560c9a783","name":"RDFSNIFFER","type":"malware","source":"MITRE","software_attack_id":"S0416","tidal_id":"b46f20b9-c791-5331-8962-e596fdb12edc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye FIN7 Oct 2019](https://app.tidalcyber.com/references/df8886d1-fbd7-4c24-8ab1-6261923dee96)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c21fde98-2d3e-4906-984f-f54d4c81d364","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"22d9f7be-7447-4cce-90f0-67a13d4b6a82","name":"RDP Recognizer","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3052","tidal_id":"4cc04aef-87a9-5682-9c59-e97c5586f4ff","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b7e8d36d-dcfe-48a3-ab17-f7912535b068","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"b0007efb-e4ee-438a-8417-65ce0b9eb5cb","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"71dec2a6-c7bf-4f6f-8016-e9a80ff7de3e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"6d02fdb2-3a92-4860-a01d-e483cd1311c4","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9864bbfe-f8d7-4d60-a71f-1270fea3793a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"c864f3ae-a40d-4322-9c96-53966fa39dc5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"35f927ea-fd7a-4cd5-9ca3-82a6de113c3a","name":"RDP Wrapper","type":"tool","source":"Tidal Cyber","software_attack_id":"S3427","tidal_id":"fc18eddb-2898-5f0b-974c-61a5e5242804","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"2164f4e1-181c-4ebb-abf5-2f87bc2f7f4b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"71c01736-5406-48de-a188-c6ed6519beb9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"9af403e3-1dba-42a4-a5de-9ae29a6299a0","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"466623da-7095-4536-81a1-851cea4b6a57","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"633740af-aec1-4cb5-93d1-b87b3085876d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3b37c81a-9574-4ac3-a996-d4cfe1e3ddb1","name":"rdrleakdiag","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3266","tidal_id":"01153fa0-2733-538b-b44a-bad1d1118c76","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4a803f25-7a1f-4038-8cc1-2ff4d24ff94c","name":"rdrleakdiag.exe","description":"[[rdrleakdiag.exe - LOLBAS Project](/references/1feff728-2230-4a45-bd64-6093f8b42646)]","source":"Tidal Cyber","associated_software_id":"d6302e6b-9ff5-4278-9d9d-98cbbffb5cc2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"fc99a857-388f-4e5a-9343-58a595a1486f","tag":"9fbc403c-bd2e-458a-a202-a65b8201e973"},{"id":"df10fbcc-47c8-4e32-96cf-10f87610ee42","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"632fa315-7794-4411-b0d5-2d0dfe78f393","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ca544771-d43e-4747-80e5-cf0f4a4836f3","name":"Reaver","type":"malware","source":"MITRE","software_attack_id":"S0172","tidal_id":"72855048-0058-5f15-b50b-05cd277a92ec","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"5264c3ab-14e1-4ae1-854e-889ebde029b4","name":"RedLeaves","type":"malware","source":"MITRE","software_attack_id":"S0153","tidal_id":"c90a78cb-7bff-52ac-b65a-51da6664ec74","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5c7b379f-7d04-4904-8465-ae74c1da5e54","name":"BUGJUICE","description":"Based on similarities in reported malware behavior and open source reporting, it is assessed that the malware named BUGJUICE by FireEye is likely the same as the malware RedLeaves. 
[[FireEye APT10 April 2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)] [[Twitter Nick Carr APT10](https://app.tidalcyber.com/references/0f133f2c-3b02-4b3b-a960-ef6a7862cf8f)]","source":"MITRE","associated_software_id":"07310f3e-ca07-43f8-a5fd-f078bd0b1ae4","owner_id":null,"owner_name":null}],"groups":[{"description":"[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)][[DOJ APT10 Dec 2018](https://app.tidalcyber.com/references/3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f4e8f752-dad8-44b4-8ecb-471f06ae1e2d","name":"RedLine Stealer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3408","tidal_id":"e8bcb088-78aa-55ea-bab2-f2831f80def3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"a180240c-4a7a-4870-a8f7-7f3be868c610","tag":"c7bd6fa4-288f-4da1-986e-e0fd9a4a3c97"},{"id":"0bfeb657-f7d3-4d56-8fab-08ae94666045","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"27d42179-2e31-493a-ac2b-b24d10ff816c","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"e3190674-9ff1-4842-b285-baed0f730e99","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f3b772a4-65db-468d-b1ec-8f81039ab86b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d796615c-fa3d-4afd-817a-1a3db8c73532","name":"Reg","type":"tool","source":"MITRE","software_attack_id":"S0075","tidal_id":"e12f8b71-4926-5146-9f25-8901b5836acb","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4ba0a066-1b3c-4670-8f57-e84f5245a78b","name":"reg.exe","description":"","source":"MITRE","associated_software_id":"7d5f2e75-7ff0-44e4-b8a7-2d817c58ffe0","owner_id":null,"owner_
name":null}],"groups":[{"description":"[[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)]","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Gamaredon Group](https://app.tidalcyber.com/groups/41e8b4a4-2d31-46ee-bc56-12375084d067) has used [Reg](https://app.tidalcyber.com/software/d796615c-fa3d-4afd-817a-1a3db8c73532) to add Run keys to the Registry.[[unit42_gamaredon_dec2022](https://app.tidalcyber.com/references/a8a32597-2b52-5f99-850d-f38d3f891713)]","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)][[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) has used [Reg](https://app.tidalcyber.com/software/d796615c-fa3d-4afd-817a-1a3db8c73532) to dump various Windows registry hives from victim machines.[[Symantec Daggerfly 
2023](https://app.tidalcyber.com/references/cb0a51f5-fe5b-5dd0-8f55-4e7536cb61a4)]","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Rancor Unit42 June 2018](https://app.tidalcyber.com/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"095a0292-0096-4326-afe4-f32fe31a7963","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"ed03f9a2-b040-4e8e-aeca-8f2b54fb47ee","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"17aeb811-b6cb-4127-bd28-aa86a0a30e20","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"bf24aa7c-96b3-4858-b88a-52d74d2049fd","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"b39db01b-d482-4b0c-8788-76abfad05dd9","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"3972cff8-13ed-493b-856d-fcd478fc2ff8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ad5d1fb5-abdc-4796-b5ff-76d4fff066cb","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"bea54c17-66f0-4e8c-8908-62f62691ab39","tag":"ec4a7c87-051b-4b7d-8acc-03696fe2113e"},{"id":"5ac2f79b-5a3f-43c2-9d7d-7e9058dc3c1c","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"4b504abe-7696-48c0-947c-61f331072b9c","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"b2ef788c-8283-471d-8026-6d792b362e20","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"fd57c074-1a91-4d30-823c-5db56010a130","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"ac8a36fc-6f97-4e0f-9dc5-ff1df2cb0146","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0b9f2da6-6f9e-4f69-b96b-c5809ec27cf4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a17bb7a6-9600-4cf2-82c8-b95e69d9b571","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"fa1d1c76-0899-4fa2-99a7-d215f39c39f8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"1e892f4b-5398-44ac-aeb4-2e50f70c5716","name":"Regasm","type":"tool","source":"Tidal Cyber","software_attack_id":"S3268","tidal_id":"06417fa1-7f36-50ae-a97d-3a954fab005a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9dab22f5-8405-44d2-8ebf-8c7ed07a75d0","name":"Regasm.exe","description":"[[LOLBAS Regasm](/references/b6a3356f-72c2-4ec2-a276-2432eb691055)]","source":"Tidal 
Cyber","associated_software_id":"39a11044-91eb-4631-9272-b29b46694271","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"77813008-f241-4a8f-9b35-34aed8dadff9","tag":"7d31d8f7-375b-4fb3-a631-51b42e58d95a"},{"id":"a6d909b5-9465-4fb6-9899-907e09ab27eb","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f253c3c6-8626-475c-89b2-5c90f8962569","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"52dc08d8-82cc-46dc-91ae-383193d72963","name":"RegDuke","type":"malware","source":"MITRE","software_attack_id":"S0511","tidal_id":"2ed5d7fe-27f5-5614-b393-1d997a90c26b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)][[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e3675dda-31bc-4cad-9552-98b9a7241351","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"16cc6ff2-8804-4863-aede-40c4376e0af3","name":"Regedit","type":"tool","source":"Tidal Cyber","software_attack_id":"S3269","tidal_id":"390109c9-bb11-56dc-8d3d-ec2a04e85c13","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ed13f106-17dd-4fdf-9f19-5ab62fed9a75","name":"Regedit.exe","description":"[[Regedit.exe - LOLBAS Project](/references/86e47198-751b-4754-8741-6dd8f2960416)]","source":"Tidal 
Cyber","associated_software_id":"f230afe5-bf37-46ae-9f46-124ad37bb0e3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d4ec00ff-ba29-4e9d-a519-a7ba4f55992e","tag":"36affa3d-c949-4e1b-8667-299490580dd5"},{"id":"5b860862-50fc-4108-b965-139e3e494b76","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5ef8f2f6-4407-4a10-a90e-727b612adbf6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7e92e30b-9eb1-52fc-9bf8-8c3b168910c5","name":"reGeorg","type":"malware","source":"MITRE","software_attack_id":"S1187","tidal_id":"7e92e30b-9eb1-52fc-9bf8-8c3b168910c5","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT29 Eye Spy Email Nov 22](https://app.tidalcyber.com/references/452ca091-42b1-5bef-8a01-921c1f46bbee)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cadet Blizzard emerges as novel threat actor](https://app.tidalcyber.com/references/7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Security Affairs ANSSI APT28 OCT 
2023](https://app.tidalcyber.com/references/5189bf11-876d-54f2-8f3c-f6b2bfb2e7c6)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"958adb9d-5c37-46c2-9612-83577ae70ad8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1d88e586-3573-4eef-96b6-c649d3b58903","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"e88bf527-bb9c-45c3-b86b-04a07dcd91fd","name":"Regin","type":"malware","source":"MITRE","software_attack_id":"S0019","tidal_id":"f08c050d-d7d5-5273-a14f-4701982cc417","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"92457f9e-c2e6-4d61-b927-0d8ff0f6d617","name":"Regini","type":"tool","source":"Tidal Cyber","software_attack_id":"S3270","tidal_id":"a6a78c9a-3501-5029-bd05-f0bcd69c5228","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9ccfddfb-3d11-4727-8e78-7fe09dae53e9","name":"Regini.exe","description":"[[Regini.exe - LOLBAS Project](/references/db2573d2-6ecd-4c5a-b038-2f799f9723ae)]","source":"Tidal Cyber","associated_software_id":"16554d65-2a29-4401-9930-cad7f681a7e3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"106cf135-95eb-4c58-8c37-6bd04f770720","tag":"288c6e19-cf6c-451a-aff3-547f371ff4ad"},{"id":"df2396b3-e8a4-4ba8-ab2a-c56b5c15a919","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"457e4c72-ffe4-4082-b789-fbfcf52b3b1f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c80bac89-6b63-4860-9f66-260976a184e8","name":"Register-cimprovider","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3271","tidal_id":"5adec3cf-7b92-52f5-b68a-7507eaaff22f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e6fc20e7-7068-48a1-8ae4-a1b98ae67115","name":"Register-cimprovider.exe","description":"[[Register-cimprovider.exe - LOLBAS Project](/references/d445d016-c4f1-45c8-929d-913867275417)]","source":"Tidal Cyber","associated_software_id":"17ba6fd7-2072-4ef8-955a-87ccea4f9ec9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ba906064-1da1-423d-babf-3152c2e9a725","tag":"d379a1fb-1028-4986-ae6c-eb8cc068aa68"},{"id":"281ee723-efc5-4484-ac51-77986643d405","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"7c41dbd4-3072-417c-af80-df2149deb8ec","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"271dd92b-76ee-4a00-ba41-343c32fc084e","name":"Regsvcs","type":"tool","source":"Tidal Cyber","software_attack_id":"S3272","tidal_id":"d0253f07-d6dd-55c8-8fd1-e53279313606","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8dc52fcf-9e7a-420b-bec5-2cd511c6bad7","name":"Regsvcs.exe","description":"[[LOLBAS Regsvcs](/references/3f669f4c-0b94-4b78-ad3e-fd62f7600902)]","source":"Tidal Cyber","associated_software_id":"784ed6e9-5db4-4aeb-ac49-a5e402062a89","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"bbf68644-4924-4ad5-ae2a-f194d3e733a2","tag":"141e4dce-00be-4bd7-9f81-6202939f0359"},{"id":"610b0e37-88ff-468d-b55d-f411216f3620","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"890ef9d3-6ba2-4139-b87b-16b72d0f23b6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"533d2c42-45a7-456e-af75-b61e2aff98a7","name":"Regsvr32","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3273","tidal_id":"98c4f518-3940-576d-98ff-2f59e2de1565","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dbf326f4-37e2-4866-8b44-a65e392af5c3","name":"Regsvr32.exe","description":"[[LOLBAS Regsvr32](/references/8e32abef-534e-475a-baad-946b6ec681c1)]","source":"Tidal Cyber","associated_software_id":"400f3e02-f6b9-405a-8cd0-12dcf81cf4e4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[huntress.com November 14 2024](/references/0418012c-af7e-47b0-b690-85fd634532e4)]","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[KISA Operation Muzabi](/references/8742ac96-a316-4264-9d3d-265784483f1a)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET OceanLotus Mar 2019](/references/b2745f5c-a181-48e1-b1cf-37a1ffe1fdf0)][[FireEye APT32 May 2017](/references/b72d017b-a70f-4003-b3d9-90d79aca812d)][[Cybereason Cobalt Kitty 2017](/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Proofpoint Leviathan Oct 
2017](/references/f8c2b67b-c097-4b48-8d95-266a45b7dd4d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[RedCanary Mockingbird May 2020](/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 Valak July 2020](/references/9a96da13-5795-49bc-ab82-dfd4f964d9d0)]","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[RSA Shell Crew](/references/6872a6d3-c4ab-40cf-82b7-5c5c8e077189)]","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Talos Cobalt Group July 2018](/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)][[Morphisec Cobalt Gang Oct 2018](/references/0a0bdd4b-a680-4a38-967d-3ad92f04d619)][[TrendMicro Cobalt Group Nov 2017](/references/81847e06-fea0-4d90-8a9e-5bc99a2bf3f0)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky Cloud Atlas December 2014](/references/41a9b3e3-0953-4bde-9e1d-c2f51de1120e)]","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Lab52 WIRTE Apr 
2019](/references/884b675e-390c-4f6d-8cb7-5d97d84115e5)]","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye APT19](/references/d75508b1-8b85-47c9-a087-bc64e8e4cb33)]","group_attack_id":"G0073","group_id":"713e2963-fbf4-406f-a8cf-6a4489d90439","name":"APT19","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"349771cc-d35d-43d6-98b2-3f4b1d10705c","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"faf61293-5e56-4871-a251-86311ba58eed","tag":"32be7240-e5ea-4e8a-8e95-7c1bd7869754"},{"id":"fe12fae7-e7e3-4274-9f45-92bba9e3e29c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"435179b5-abd7-4af6-a503-77a88ba7de4c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2eb92fa8-514e-4018-adc4-c9fe4f082567","name":"Remcos","type":"tool","source":"MITRE","software_attack_id":"S0332","tidal_id":"d4069d5f-9463-5e6b-b088-b2249ddc3e66","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 Gorgon Group Aug 2018](https://app.tidalcyber.com/references/d0605185-3f8d-4846-a718-15572714e15b)]","group_attack_id":"G0078","group_id":"efb3b5ac-cd86-44a2-9de1-02e4612b8cc2","name":"Gorgon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Check Point Research Blind Eagle March 10 
2025](/references/4a9b874a-8ed3-476d-8da2-d59e081c4b40)]","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec Elfin Mar 2019](/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1a739962-fff6-476b-961a-898edd5757cd","tag":"db8f1478-995a-4d9e-ad48-fd8583730e0b"},{"id":"079f3f0d-0743-429e-914f-c32632f368a3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"82d0bb4d-4711-49e3-9fe5-c522bbe5e8bb","name":"Remexi","type":"malware","source":"MITRE","software_attack_id":"S0375","tidal_id":"3bcb6793-5135-502d-a4c7-af2e25c2832a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Chafer Dec 2015](https://app.tidalcyber.com/references/0a6166a3-5649-4117-97f4-7b8b5b559929)][[Securelist Remexi Jan 2019](https://app.tidalcyber.com/references/07dfd8e7-4e51-4c6e-a4f6-aaeb74ff8845)][[Symantec Chafer February 2018](https://app.tidalcyber.com/references/3daaa402-5477-4868-b8f1-a2f6e38f04ef)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3a1436e9-ce2c-449e-a670-c1b212ebd754","name":"Remote","type":"tool","source":"Tidal Cyber","software_attack_id":"S3355","tidal_id":"b45c7b35-843c-58d5-9e8b-67f481cfd681","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"33bc2a4a-117d-492e-8b7e-893d28566989","name":"Remote.exe","description":"[[Remote.exe - LOLBAS 
Project](/references/9a298f83-80b8-45a3-9f63-6119be6621b4)]","source":"Tidal Cyber","associated_software_id":"fcde468a-6c78-46b0-967a-240fcbe815f6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"869ac21c-736f-4ef1-a844-294b403f6333","tag":"828f1559-b13d-4426-9dcf-5f601fcb6ff0"},{"id":"38e5471c-63e2-483f-8c9b-8c46797aa44b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"24942347-2305-4e5e-988b-df7cf6cf7dd9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"57fa64ea-975a-470a-a194-3428148ae9ee","name":"RemoteCMD","type":"malware","source":"MITRE","software_attack_id":"S0166","tidal_id":"36046a04-d0f4-525b-a27b-719fd81ef452","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Buckeye](https://app.tidalcyber.com/references/dbf3ce3e-bcf2-4e47-ad42-839e51967395)]","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8a7fa0df-c688-46be-94bf-462fae33b788","name":"RemoteUtilities","type":"tool","source":"MITRE","software_attack_id":"S0592","tidal_id":"153a0514-49d4-5f4f-85ab-6611ad66ded1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro Muddy Water March 
2021](https://app.tidalcyber.com/references/16b4b834-2f44-4bac-b810-f92080c41f09)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e3729cff-f25e-4c01-a7a1-e8b83e903b30","name":"Remsec","type":"malware","source":"MITRE","software_attack_id":"S0125","tidal_id":"0102dd2f-d969-514e-bfc0-90e7f8cbb01f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d3b1274a-04a1-4a55-a318-63ffe1fdf114","name":"ProjectSauron","description":"ProjectSauron is used to refer both to the threat group also known as G0041 as well as the malware platform also known as S0125. [[Kaspersky ProjectSauron Blog](https://app.tidalcyber.com/references/baeaa632-3fa5-4d2b-9537-ccc7674fd7d6)]","source":"MITRE","associated_software_id":"4535e2aa-6351-4200-9e81-ea1a883bc6d3","owner_id":null,"owner_name":null},{"id":"15f882e8-7e1f-43a8-a680-4489b3b13fa9","name":"Backdoor.Remsec","description":"","source":"MITRE","associated_software_id":"818bf505-64bb-43da-88ae-58c60c8590b3","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Symantec Strider Blog](https://app.tidalcyber.com/references/664eac41-257f-4d4d-aba5-5d2e8e2117a7)][[Kaspersky ProjectSauron Blog](https://app.tidalcyber.com/references/baeaa632-3fa5-4d2b-9537-ccc7674fd7d6)]","group_attack_id":"G0041","group_id":"deb573c6-071a-4b50-9e92-4aa648d8bdc1","name":"Strider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"19a04c82-f816-464c-b050-a57269cba157","name":"Replace","type":"tool","source":"Tidal Cyber","software_attack_id":"S3274","tidal_id":"cc4165fe-57a8-5701-a5b6-2b0dd8813a6e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3cabd4a8-a41a-428c-a018-ab68ab9bab9e","name":"Replace.exe","description":"[[Replace.exe - LOLBAS 
Project](/references/82a473e9-208c-4c47-bf38-92aee43238dd)]","source":"Tidal Cyber","associated_software_id":"9e22fb92-6276-4af9-8394-9d6f8a62df9b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"63a6b65d-adfb-48d3-811e-3a8fcb07abbf","tag":"accb4d24-4b40-41ce-ae2e-adcca7e80b41"},{"id":"9a563763-5135-4169-b197-2cf7ca62ba63","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"cd1e763b-4431-428e-b279-42fe4dc98e4a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5a2042bc-1bf5-4184-8ee9-fe5e4a891d79","name":"REPTILE Backdoor","type":"malware","source":"Trellix TIG","software_attack_id":"S3441","tidal_id":"10e608ff-8721-5682-8a44-eb37d581a901","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"f88f6029-8eed-4395-b7cb-36477d1a88ef","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"63854449-d785-45e9-9716-ce251be13a9e","name":"Reptile Rootkit","type":"malware","source":"Trellix TIG","software_attack_id":"S3426","tidal_id":"38e5354b-2238-5118-a0fe-2c1fb9ab1ea5","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"9fca12c1-f3db-4b6e-a258-52089180aa57","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":"TidalCyberIan"},{"id":"2a5ea3a7-9873-4a2e-b4b5-4e27a80db305","name":"Responder","type":"tool","source":"MITRE","software_attack_id":"S0174","tidal_id":"40de3b08-bae2-5e41-b3bb-cd7c92dac942","platforms":[],"associated_software":[],"groups":[{"description":"[[ClearSky Lazarus Aug 
2020](https://app.tidalcyber.com/references/2827e6e4-8163-47fb-9e22-b59e59cd338f)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [Responder](https://app.tidalcyber.com/software/2a5ea3a7-9873-4a2e-b4b5-4e27a80db305) in intrusions.[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT28 Hospitality Aug 2017](https://app.tidalcyber.com/references/7887dc90-3f05-411a-81ea-b86aa392104b)][[US District Court Indictment GRU Oct 2018](https://app.tidalcyber.com/references/56aeab4e-b046-4426-81a8-c3b2323492f0)] ","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b2df1a64-19b5-4d43-adb4-bd09acd3e690","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"641d9348-1e67-468d-a571-86af23eed823","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0fb5f951-50f0-44e6-808d-b7707c71eda9","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"946a1b56-0812-4081-a6e3-3fbed096e3c5","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"6e87490a-64d2-4824-a420-b7b6aa59f697","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"b1de13f0-45bf-4f6a-861b-912bcc3911e7","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"738dec95-c5df-4684-ada7-44bd82315e4f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"5f36d8c1-729e-466a-bab4-61f218a05ad5","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":null},{"id":"1e3ea2d1-bd50-409d-9307-c1e6b70d2bb7","name":"Restic","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3393","tidal_id":"46df7f2f-ef45-5423-b578-17f268302746","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[GuidePoint Security INC Ransomware August 14 2024](/references/414ff729-ba51-4c5a-a4ac-027e0d3c14df)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"11d7d963-4afd-46d5-926d-e0b9625689bf","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"272d4d4d-cfdd-4c16-bd0b-7c21319b430e","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"f99712b4-37a2-437c-92d7-fb4f94a1f892","name":"Revenge RAT","type":"malware","source":"MITRE","software_attack_id":"S0379","tidal_id":"cd40eab8-a101-5153-bab3-8f9c75bd5677","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cylance Shaheen Nov 2018](https://app.tidalcyber.com/references/57802e46-e12c-4230-8d1c-08854a0de06a)]","group_attack_id":"G0089","group_id":"830079fe-9824-405b-93e0-c28592155c49","name":"The White 
Company","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"9314531e-bf46-4cba-9c19-198279ccf9cd","name":"REvil","type":"malware","source":"MITRE","software_attack_id":"S0496","tidal_id":"7e54ef71-a805-5886-9636-b3f604fb2b85","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6086442f-6f60-4f6f-8659-d8c967ff7b56","name":"Sodin","description":"[[Intel 471 REvil March 2020](https://app.tidalcyber.com/references/b939dc98-e00e-4d47-84a4-3eaaeb5c0abf)][[Kaspersky Sodin July 2019](https://app.tidalcyber.com/references/ea46271d-3251-4bd7-afa8-f1bd7baf9570)]","source":"MITRE","associated_software_id":"37fc63a5-5059-4fd9-b598-ae195d9f7d1f","owner_id":null,"owner_name":null},{"id":"043041bc-aade-4c05-921f-c773f2d9886c","name":"Sodinokibi","description":"[[Secureworks REvil September 2019](https://app.tidalcyber.com/references/8f4e2baf-4227-4bbd-bfdb-5598717dcf88)][[Intel 471 REvil March 2020](https://app.tidalcyber.com/references/b939dc98-e00e-4d47-84a4-3eaaeb5c0abf)][[G Data Sodinokibi June 2019](https://app.tidalcyber.com/references/03b1ef5a-aa63-453a-affc-aa0caf174ce4)][[Kaspersky Sodin July 2019](https://app.tidalcyber.com/references/ea46271d-3251-4bd7-afa8-f1bd7baf9570)][[Cylance Sodinokibi July 2019](https://app.tidalcyber.com/references/3ad8def7-3a8a-49bb-8f47-dea2e570c99e)][[Secureworks GandCrab and REvil September 2019](https://app.tidalcyber.com/references/46b5d57b-17be-48ff-b723-406f6a55d84a)][[Talos Sodinokibi April 2019](https://app.tidalcyber.com/references/fb948877-da2b-4abd-9d57-de9866b7a7c2)][[McAfee Sodinokibi October 2019](https://app.tidalcyber.com/references/1bf961f2-dfa9-4ca3-9bf5-90c21755d783)][[McAfee REvil October 2019](https://app.tidalcyber.com/references/288e94b3-a023-4b59-8b2a-25c469fb56a1)][[Picus Sodinokibi January 2020](https://app.tidalcyber.com/references/2e9c2206-a04e-4278-9492-830cc9347ff9)][[Secureworks REvil September 
2019](https://app.tidalcyber.com/references/8f4e2baf-4227-4bbd-bfdb-5598717dcf88)][[Tetra Defense Sodinokibi March 2020](https://app.tidalcyber.com/references/a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50)]","source":"MITRE","associated_software_id":"6fcd580a-ca00-4d56-95e5-d33d34d9da3a","owner_id":null,"owner_name":null}],"groups":[{"description":"[[IBM Ransomware Trends September 2020](https://app.tidalcyber.com/references/eb767436-4a96-4e28-bd34-944842d7593e)][[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)][[FBI Flash FIN7 USB](https://app.tidalcyber.com/references/42dc957c-007b-4f90-88c6-1afd6d1032e8)][[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks REvil September 2019](https://app.tidalcyber.com/references/8f4e2baf-4227-4bbd-bfdb-5598717dcf88)][[Secureworks GandCrab and REvil September 2019](https://app.tidalcyber.com/references/46b5d57b-17be-48ff-b723-406f6a55d84a)]","group_attack_id":"G0115","group_id":"b4d068ac-9b68-4cd8-bf0c-019f910ef8e3","name":"GOLD SOUTHFIELD","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Proofpoint Ransomware Initial Access June 2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)]","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"68089258-c429-4365-aade-3db81fe77b8e","tag":"e755f9bf-0007-411c-950d-4b66934298b4"},{"id":"23a82679-dd83-4aca-a628-916f70fdbeba","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"be9dfd5c-ec62-45e5-bf22-f3b9129db915","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"ab52f516-a732-4c8b-9a16-1a464ec1513c","tag":"286918d5-0b48-4655-9118-907b53de0ee0"},{"id":"e162a019-8e43-48e9-9143-d7c9d9e60361","tag":"93c53801-5427-4678-a753-7fc761e9eda1"},{"id":"2568beba-a84a-4a3d-a6d0-33c32a263734","tag":"1138181b-b2cf-4b6b-82da-10867aa4089d"},{"id":"c69b759d-cd29-4ee2-98e4-191ace7a9b83","tag":"00ec2407-cc63-4b62-b967-c3e06bdddd2f"},{"id":"c55897ca-333c-4992-9f50-c3b52a82b862","tag":"1cc90752-70a3-4a17-b370-e1473a212f79"},{"id":"fa140856-b9c7-4fda-bfc9-b84a77aa06a8","tag":"0e948c57-6c10-4576-ad27-9832cc2af3a1"},{"id":"960b11d1-dd93-42b8-9599-746094bf27e6","tag":"0ed7d10c-c65b-4174-9edb-446bf301d250"},{"id":"bb1a9a5c-ae9f-4810-b33c-5a0974fb2c90","tag":"1b98f09a-7d93-4abb-8f3e-1eacdb9f9871"},{"id":"07c4401c-1c05-49a0-b974-5ceb51c500ca","tag":"ab64f2d8-8da3-48de-ac66-0fd91d634b22"},{"id":"418b14b5-b156-4a13-be1a-deba8bc4e53b","tag":"c8ce7130-e134-492c-a98a-ed1d25b57e4c"},{"id":"fbfc5b55-284c-4b51-a5ea-a371862ff55a","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"44f04984-3fde-4452-9960-f81163b2a817","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"d5649d69-52d4-4198-9683-b250348dea32","name":"RGDoor","type":"malware","source":"MITRE","software_attack_id":"S0258","tidal_id":"b5c38f3e-b953-5c5c-927d-922769d4afe4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 RGDoor Jan 
2018](https://app.tidalcyber.com/references/94b37da6-f808-451e-8f2d-5df0e93358ca)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3776b38e-c5de-4a21-aa82-63dcf60ac248","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"a12ce715-caa4-48ba-8d27-1c07d61e0d2f","name":"Rhadamanthys","type":"malware","source":"Tidal Cyber","software_attack_id":"S3403","tidal_id":"e4d9408c-eaf5-57c0-9b0e-91f96be441da","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Google TAG CVE-2023-38831 October 18 2023](/references/6e8fb629-4bb8-4557-9d42-385060be598f)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5b07436a-6cd0-421f-b552-1b29fe9f9f61","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"4ec410fa-9cd2-4c56-81f2-388028d85256","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"44a1bc93-979b-4d91-a6fc-5d625ceb152e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f7c1e1cd-cc64-4417-92c3-76afed55d38c","name":"Rhysida Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3065","tidal_id":"d0f0aa97-7750-506f-8c3c-b631af4269fc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[MSTIC Vanilla Tempest September 18 
2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"824834f9-5adb-4186-9e85-68a4205db153","tag":"abea659c-fe23-4252-afc0-17b8adaa24f7"},{"id":"498904b7-4dcb-4f5f-a622-06eadd418000","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d8d291a6-2764-4d76-967a-45148bfa0bb7","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"fe06b887-50a0-4cb8-846d-1063636ce65c","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"907da3d9-63ce-48c1-a7ac-9f6ba8949c29","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"508be3d2-c2f2-4e2c-8781-678ddb4fe8f2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ca5ae7c8-467a-4434-82fc-db50ce3fc671","name":"Rifdoor","type":"malware","source":"MITRE","software_attack_id":"S0433","tidal_id":"81361803-77f2-5d69-8b7a-c560505f55f1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[AhnLab Andariel Subgroup of Lazarus June 2018](https://app.tidalcyber.com/references/bbc66e9f-98f9-4e34-b568-2833ea536f2e)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"82548759-1883-40c8-a76c-2b0900e21a73","name":"RIFLESPINE","type":"malware","source":"Trellix TIG","software_attack_id":"S3434","tidal_id":"df9ac4ce-f964-5f67-b86f-15a50383b5ac","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"500912fe-cec5-4831-b392-e5dabf3f801c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"00fa4cc2-6f99-4b18-b927-689964ef57e1","name":"RIPTIDE","type":"malware","source":"MITRE","software_attack_id":"S0003","tidal_id":"b267b886-39fe-5907-b28e-3f6e05dbd2a8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Moran 2014](https://app.tidalcyber.com/references/15ef155b-7628-4b18-bc53-1d30be4eac5d)]","group_attack_id":"G0005","group_id":"225314a7-8f40-48d4-9cff-3ec39b177762","name":"APT12","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"19b1f1c8-5ef3-4328-b605-38e0bafc084d","name":"Rising Sun","type":"malware","source":"MITRE","software_attack_id":"S0448","tidal_id":"54f216f6-6f12-5e96-ae6b-fa6b89862d2b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"5452ec27-0deb-5f29-bed9-5ee838040438","name":"ROADSWEEP","type":"malware","source":"MITRE","software_attack_id":"S1150","tidal_id":"5452ec27-0deb-5f29-bed9-5ee838040438","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"a1d88ed9-cd87-468c-afa3-de702b519b56","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"15bc8e94-64d1-4f1f-bc99-08cfbac417dc","name":"ROADTools","type":"tool","source":"MITRE","software_attack_id":"S0684","tidal_id":"cbc99cfc-d6f5-5124-8686-4660c1bd8b3a","platforms":[{"id":"bb3fda2a-b438-4d2a-856e-97f74ed72756","name":"Azure AD"},{"id":"fe608ebe-d912-5489-95fc-914b226a933f","name":"Identity Provider"}],"associated_software":[],"groups":[{"description":"[[MSTIC Nobelium Oct 
2021](https://app.tidalcyber.com/references/7b6cc308-9871-47e5-9039-a9a7e66ce373)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"a6ec428f-e5d0-4edb-930b-8eadc0d13bce","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"}],"owner_name":null},{"id":"b65956ef-439a-463d-b85e-6606467f508a","name":"RobbinHood","type":"malware","source":"MITRE","software_attack_id":"S0400","tidal_id":"f3963f10-bdd1-5216-8058-b9b89aba1d55","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"dcba0f75-23c1-4ef5-9227-55dab611a531","tag":"ce9f1048-09c1-49b0-a109-dd604afbf3cd"},{"id":"f47b7e0e-bed4-46b4-9ff8-5e3086cd607c","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"00608930-b4ee-465e-8e0a-4e28db166f5d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"cb7aa34e-312f-4210-be7b-47a1e3f5b7b5","name":"ROCKBOOT","type":"malware","source":"MITRE","software_attack_id":"S0112","tidal_id":"2abdedd5-1649-5aaa-93ea-f121d9287a3d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"852cf78d-9cdc-4971-a972-405921027436","name":"RogueRobin","type":"malware","source":"MITRE","software_attack_id":"S0270","tidal_id":"f1d326a3-294f-5bc8-b151-f2d73b03e749","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 DarkHydrus July 2018](https://app.tidalcyber.com/references/800279cf-e6f8-4721-818f-46e35ec7892a)][[Unit42 DarkHydrus Jan 
2019](https://app.tidalcyber.com/references/eb235504-d142-4c6d-9ffd-3c0b0dd23e80)]","group_attack_id":"G0079","group_id":"f2b31240-0b4a-4fa4-82a4-6bb00e146e75","name":"DarkHydrus","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a3479628-af0b-4088-8d2a-fafa384731dd","name":"ROKRAT","type":"malware","source":"MITRE","software_attack_id":"S0240","tidal_id":"becd8815-9523-5e9e-9714-00d875a77bb6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Talos Group123](https://app.tidalcyber.com/references/bf8b2bf0-cca3-437b-a640-715f9cc945f7)][[Securelist ScarCruft May 2019](https://app.tidalcyber.com/references/2dd5b872-a4ab-4b77-8457-a3d947298fc0)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"1277282f-0dda-4c5e-9d5f-3d2d4c41dec1","tag":"19e8c417-a31d-417d-8266-f2430fa4cc02"},{"id":"9f8b50cc-860c-4fad-bc16-4c0c56a115b3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4af6326b-eba7-4446-83aa-8b98771d390f","name":"RomCom","type":"malware","source":"Tidal Cyber","software_attack_id":"S3018","tidal_id":"184227c7-12b4-53dc-9365-8d0632c9ab8b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"73e04b0c-d7bb-409e-827a-5d38ae773c33","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8610a79e-86a4-4e3c-943b-b6aa7bfdc173","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"13da51e3-26fe-4c8f-81b5-4ce18693e590","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1cfb417c-fe31-4500-b10a-12e70cd03e9b","name":"RootRot","type":"malware","source":"Trellix TIG","software_attack_id":"S3418","tidal_id":"b03a70d7-2ecb-5487-aa67-19cfb5927a31","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"4f0bc41a-609a-4d61-93ff-e8cafc9e9524","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"169bfcf6-544c-5824-a7cd-2d5070304b57","name":"RotaJakiro","type":"malware","source":"MITRE","software_attack_id":"S1078","tidal_id":"3e519147-aa70-55f6-8e44-908a12dec24b","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[netlab360 rotajakiro vs oceanlotus](https://app.tidalcyber.com/references/20967c9b-5bb6-5cdd-9466-2c9efd9ab98c)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3b755518-9085-474e-8bc4-4f9344d9c8af","name":"route","type":"tool","source":"MITRE","software_attack_id":"S0103","tidal_id":"48035506-d57a-5ea5-b120-fec93c3ad361","platforms":[],"associated_software":[],"groups":[{"description":"[[Symantec Orangeworm April 
2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky ThreatNeedle Feb 2021](https://app.tidalcyber.com/references/ba6a5fcc-9391-42c0-8b90-57b729525f41)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ef38ff3e-fa36-46f2-a720-3abaca167b04","name":"Rover","type":"malware","source":"MITRE","software_attack_id":"S0090","tidal_id":"56955bd5-f2a8-552e-884c-0acaf8c585b1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"221e24cb-910f-5988-9473-578ef350870c","name":"Royal","type":"malware","source":"MITRE","software_attack_id":"S1073","tidal_id":"f2a1b4e9-e79b-5b89-a17a-17c14f6ffb99","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e3536184-b1be-436e-a4fa-b704b6757d80","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"2b341eba-ed2a-4663-9076-a67da2eadb57","tag":"b05fef45-bf36-47a0-b96a-cc76ac8a4f1e"},{"id":"6adc0027-2d07-47dd-9da6-7dad92d4a7f8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"f3176726-4f28-4f95-9d36-92f11cfd9c92","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"22a36507-d53d-4aca-a0c6-dc9ac00fd0de","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"45d83ad6-f6e6-4dc7-98eb-8bd50e95c246","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"3e42b791-fb59-4a8e-a27e-1cc544f353ee","name":"Rpcping","type":"tool","source":"Tidal Cyber","software_attack_id":"S3275","tidal_id":"1499b296-0791-56f8-8bd3-523b563f1f18","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"840f79a4-5fd6-4d83-bd6e-7776debc391e","name":"Rpcping.exe","description":"[[Rpcping.exe - LOLBAS Project](/references/dc15a187-4de7-422e-a507-223e89e317b1)]","source":"Tidal Cyber","associated_software_id":"86869abd-b428-4415-91be-d5413eeac0b5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"07584f36-575b-4570-8888-c4fb364b0f29","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f7aec83e-a55f-43d4-96d1-531394e8828e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7359fd1e-859b-432f-8cfb-2b17a4509d1c","name":"RSOCKS","type":"tool","source":"Tidal Cyber","software_attack_id":"S3412","tidal_id":"e8c2b911-3fb4-5547-9f72-7c31e5fdf6b2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"372c0504-a75f-4def-a97d-011acb9020d2","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9eb89c98-452e-4422-b842-f529ca72db6a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"28e8c168-5e30-47c4-99ee-fda6898ea9f6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"ed074d36-507c-416e-9e20-93512d9d60e3","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"b9665dfa-c962-4fd9-a981-9255893a13d6","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"4a652d6b-b681-4dd3-acb9-994753835182","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"c3b9281b-5f18-4119-903e-c27f1a4004b4","name":"Rsockstun","type":"tool","source":"Tidal Cyber","software_attack_id":"S3101","tidal_id":"329dd21a-4be6-5cf6-beca-da60355c7d94","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2ddc6539-6153-40e2-99b6-8540829f3437","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"7a3d92e5-ff3c-452f-9eb4-8df61d8541ce","name":"RSocx","type":"tool","source":"Tidal Cyber","software_attack_id":"S3496","tidal_id":"b27a6176-e0af-51ff-987a-e3a62965d144","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 May 16 2025](/references/bcc4f7d1-5cce-47eb-8182-cfe0ff79739a)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6bcf5fd5-43cf-42fb-b5af-30b9ad6b9c94","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"24aff9dc-07a8-43c1-89c2-d038e0118692","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8f8238bf-e924-430a-ba01-acf1caa9876f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1836485e-a3a6-4fae-a15d-d0990788811a","name":"RTM","type":"malware","source":"MITRE","software_attack_id":"S0148","tidal_id":"3278ca9b-f431-597e-9b94-53ae3bf51048","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5d88a89c-6688-48c9-a463-6ca64652101c","name":"Redaman","description":"[[Unit42 
Redaman January 2019](https://app.tidalcyber.com/references/433cd55a-f912-4d5a-aff6-92133d08267b)]","source":"MITRE","associated_software_id":"eca6bc18-bb6c-473e-b034-8362ead4e250","owner_id":null,"owner_name":null}],"groups":[{"description":"[[ESET RTM Feb 2017](https://app.tidalcyber.com/references/ab2cced7-05b8-4788-8d3c-8eadb0aaf38c)]","group_attack_id":"G0048","group_id":"666ab5f0-3ef1-4e74-8a10-65c60a7d1acd","name":"RTM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2e54f40c-ab62-535e-bbab-3f3a835ff55a","name":"Rubeus","type":"tool","source":"MITRE","software_attack_id":"S1071","tidal_id":"9a7d0d1e-9c0b-5256-a77a-5b23a75611cd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. HHS Royal & BlackCat Alert](/references/d1d6b6fe-ef93-4417-844b-7cd8dc76934b)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ReliaQuest May 28 2024](/references/2a67b1df-9a15-487e-a777-8a3fe46b0179)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b83604b1-e054-4884-903a-12afe9539420","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"6e40c200-48f2-4788-8a9c-c2c42ddde33c","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"6fb496a6-5c7a-4d0e-9532-a4dfcb13fb3d","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"69563cbd-7dc1-4396-b576-d5886df11046","name":"Ruler","type":"tool","source":"MITRE","software_attack_id":"S0358","tidal_id":"dbc08897-e34b-5d31-843f-797b7a1cf60e","platforms":[{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 365"},{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT33 
Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)][[Microsoft Holmium June 2020](https://app.tidalcyber.com/references/c249bfcf-25c4-4502-b5a4-17783d581163)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"cbcc3494-9869-496b-98a5-67e2dedd5649","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"3479f780-86fd-40d0-880a-9afb365b8f8c","tag":"82009876-294a-4e06-8cfc-3236a429bda4"}],"owner_name":null},{"id":"cd5a27c8-9611-41d9-b839-b0ba7daf58b5","name":"Rundll32","type":"tool","source":"Tidal Cyber","software_attack_id":"S3276","tidal_id":"49b4cecb-55a2-537c-9902-76078f029f72","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3d01d0ad-ace4-4db3-a35e-ff9fc893364e","name":"Rundll32.exe","description":"[[Rundll32.exe - LOLBAS Project](/references/90aff246-ce27-4f21-96f9-38543718ab07)]","source":"Tidal Cyber","associated_software_id":"8919f626-0b08-4d5c-9872-b95a10b5e06b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA AA20-239A BeagleBoyz August 2020](/references/a8a2e3f2-3967-4e82-a36a-2436c654fb3f)]","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Talos Kimsuky Nov 
2021](/references/17927f0e-297a-45ec-8e1c-8a33892205dc)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Crowdstrike GTR2020 Mar 2020](/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason Cobalt Kitty 2017](/references/bf838a23-1620-4668-807a-4354083d69b1)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Volexity Exchange Marauder March 2021](/references/ef0626e9-281c-4770-b145-ffe36e18e369)]","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Securelist MuddyWater Oct 2018](/references/d968546b-5b00-4a7b-9bff-57dfedd0125f)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET Gamaredon June 2020](/references/6532664d-2311-4b38-8960-f43762471729)]","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET Telebots July 2017](/references/5d62c323-6626-4aad-8bf2-0d988e436f3d)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky Carbanak](/references/2f7e77db-fe39-4004-9945-3c8943708494)]","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[RedCanary Mockingbird May 2020](/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason TA505 April 2019](/references/076f2b95-97d2-4d50-bb9b-6199c161e5c6)][[Deep Instinct TA505 Apr 2019](/references/529524c0-123b-459c-bc6f-62aa45c228d1)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks](/references/47031992-841f-4ef4-87c6-bb4c077fb8dc)][[Microsoft Deep Dive Solorigate January 2021](/references/ddd70eef-ab94-45a9-af43-c396c9e3fbc6)][[FireEye APT29 Nov 2018](/references/30e769e0-4552-429b-b16e-27830d42edea)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 TA551 Jan 2021](/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)]","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[MalwareBytes LazyScripter Feb 
2021](/references/078837a7-82cd-4e26-9135-43b612e911fe)]","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Crowdstrike DNC June 2016](/references/7f4edc06-ac67-4d71-b39c-5df9ce521bbb)][[Bitdefender APT28 Dec 2015](/references/3dd67aae-7feb-4b07-a985-ccadc1b16f1d)][[Palo Alto Sofacy 06-2018](/references/a32357eb-3226-4bee-aeed-d2fbcfa52da0)][[Unit 42 Playbook Dec 2017](/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)][[ESET Zebrocy May 2019](/references/f8b837fb-e46c-4153-8e86-dc4b909b393a)][[Cybersecurity Advisory GRU Brute Force Campaign July 2021](/references/e70f0742-5f3e-4701-a46b-4a58c0281537)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[McAfee Lazarus Jul 2020](/references/43581a7d-d71a-4121-abb6-127483a49d12)][[ESET Lazarus Jun 2020](/references/b16a0141-dea3-4b34-8279-7bc1ce3d7052)][[ESET Twitter Ida Pro Nov 2021](/references/6d079207-a7c0-4023-b504-1010dd538221)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ClearSky Wilted Tulip July 2017](/references/50233005-8dc4-4e91-9477-df574271df40)]","group_attack_id":"G0052","group_id":"6a8f5eca-8ecc-4bff-9c5f-5380e044ed5b","name":"CopyKittens","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[DFIR Report APT35 ProxyShell March 2022](/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic 
Hound","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye APT19](/references/d75508b1-8b85-47c9-a087-bc64e8e4cb33)]","group_attack_id":"G0073","group_id":"713e2963-fbf4-406f-a8cf-6a4489d90439","name":"APT19","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report Bumblebee Akira July 2 2025](/references/22cd30b9-fde9-4383-8106-1a506afa3c02)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"18dcea3e-b53e-4dc2-a7fb-cebd7fe90945","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"b8f77e4d-7549-4966-b6ec-a9d497e44c18","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"544cdd90-eeb7-4788-86cc-5fa21f5cce81","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"46779bd7-4eac-4902-9201-bc1174356715","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"4405535f-adea-4ccf-bd86-4f1f15facedd","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"955e9ce3-d9f5-4f50-ab99-ebf76e2c8854","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"9b6de463-bbd2-4c1a-b312-9869adf3e378","tag":"d28b269e-588d-49ed-b5c9-8e82077924c0"},{"id":"421cd074-8ddd-41c6-a02d-95d77f941c51","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c8ef7bd1-ca20-4960-968b-7c61f94b4767","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"db516b7d-e5bd-4da8-a708-2fe5d2a2fdfd","name":"Runexehelper","type":"tool","source":"Tidal Cyber","software_attack_id":"S3277","tidal_id":"9b89ea7c-6c01-590f-803d-a7e318911edc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d8755de5-f49f-4b1d-91bc-350e19ea9ba8","name":"Runexehelper.exe","description":"[[Runexehelper.exe - LOLBAS Project](/references/86ff0379-2b73-4981-9f13-2b02b53bc90f)]","source":"Tidal 
Cyber","associated_software_id":"e45aa3ea-628a-4b78-ae7c-bc9c9bf0c2fa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"48f46aa3-bb54-4152-8fb0-df883f8fab54","tag":"270a347d-d2e1-4d46-9b32-37e8d7264301"},{"id":"bb622a6f-0e32-4466-9fc8-daffb04c76b4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"25f2afc2-139d-4a5a-82a1-ec672a6bfda8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e8afda1f-fa83-4fc3-b6fb-7d5daca7173f","name":"RunningRAT","type":"malware","source":"MITRE","software_attack_id":"S0253","tidal_id":"6753422d-7925-59b4-836b-6a79530cf994","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ccad36ac-b526-44ec-840a-6f498c51781c","name":"Runonce","type":"tool","source":"Tidal Cyber","software_attack_id":"S3278","tidal_id":"7a1e12ee-5dc0-56bf-9e6b-53b33de09e83","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"355cd948-1c27-4686-8d9f-e1b0f484fc40","name":"Runonce.exe","description":"[[Runonce.exe - LOLBAS Project](/references/b97d4b16-ead2-4cc7-90e5-f8b05d84faf3)]","source":"Tidal Cyber","associated_software_id":"1879fe72-07da-461e-8f70-af95440b65de","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"20062be1-5dea-4ff8-96ae-4f90804d613d","tag":"065db33d-c152-4ba9-8bf9-13616f78ae05"},{"id":"3d656d77-6c6e-439e-b3f4-48a01cf28e5f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b5e5fb42-428a-406c-b4c6-be7ce490c620","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"035bae51-c1cc-46f0-8532-a5d01c4d4a52","name":"Runscripthelper","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3279","tidal_id":"7066f091-b633-5c9f-8552-8541c4e51cd6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"843e7ee6-ecd9-43b4-8b54-491c8217e842","name":"Runscripthelper.exe","description":"[[Runscripthelper.exe - LOLBAS Project](/references/6d7151e3-685a-4dc7-a44d-aefae4f3db6a)]","source":"Tidal Cyber","associated_software_id":"f5e4afa0-6094-4fd1-8472-a459b5687cc9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"eb54c291-4752-4df8-888b-2579a2e1cc99","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"88c892da-43d6-4828-8608-4f7be3117d8b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"4c44221f-8955-46aa-a9c0-a544eff054fa","name":"RustDesk","type":"tool","source":"Tidal Cyber","software_attack_id":"S3504","tidal_id":"e9875015-46c7-509d-8c5f-c7928fae7da9","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog June 30 2025](/references/3300c819-e236-40a2-a886-ce460876a2ca)][[Palo Alto Unit 42 North Korean IT Workers 2024](/references/61819211-7260-53c1-833e-eac36f209b0c)]","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report Bumblebee Akira July 2 2025](/references/22cd30b9-fde9-4383-8106-1a506afa3c02)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"1558c874-d902-40d1-ab46-4324511cbb0f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e6cda0d4-892d-4b22-b2b1-52807912c13c","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"0c473492-f10e-47cc-9864-0e25f473ef42","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"9097ab5c-9a66-49b0-9c28-cac8afd9d52a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"9f9f6ca0-6b64-4c39-a618-8b6c3f2aa5bb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e93abb8f-eaaf-4e88-9eaf-ebbade824cd8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8ae86854-4cdc-49eb-895a-d1fa742f7974","name":"Ryuk","type":"malware","source":"MITRE","software_attack_id":"S0446","tidal_id":"ffd034ce-6417-59cc-a6b1-14c1c9bda541","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye FIN6 Apr 2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike Ryuk January 2019](https://app.tidalcyber.com/references/df471757-2ce0-48a7-922f-a84c57704914)][[Red Canary Hospital Thwarted Ryuk October 2020](https://app.tidalcyber.com/references/ae5d4c47-54c9-4f7b-9357-88036c524217)][[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)][[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)][[DFIR Ryuk's Return October 
2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)][[DFIR Ryuk 2 Hour Speed Run November 2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)][[DFIR Ryuk in 5 Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)][[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)][[CrowdStrike Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)][[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)][[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"dbc5a674-54fe-4f34-9f27-3c32fb478e11","tag":"74eb9cdd-409f-41d6-bb4f-39af6d1b3232"},{"id":"8ed93e76-3e50-442a-8271-3c5f1b7e26a2","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"0dfa6b8a-8677-4f74-af81-12bee480035b","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"40a7faae-5066-4b26-9c03-ebf730275a2a","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"ce47b399-a6cb-49e6-af9e-73e919f01be2","tag":"12a2e20a-7c27-46bb-954d-b372833a9925"},{"id":"b8017276-824a-4ffb-adc1-8485a93d0ac3","tag":"c2380542-36f2-4922-9ed2-80ced06645c9"},{"id":"2d15c424-cba6-44c2-9b59-c7aa52c0ba46","tag":"c8ce7130-e134-492c-a98a-ed1d25b57e4c"},{"id":"3c34a530-4f85-48cc-aaff-9ccd9e27e7d0","tag":"2743d495-7728-4a75-9e5f-b64854039792"},{"id":"95bc32dd-918e-4a07-bb87-e7e4aa35104a","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"3c9e7267-d629-47a1-827a-3a0a17915690","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"28134511-b91e-4b69-962d-74e80ac6305b","name":"Sabbath Ransomware","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3392","tidal_id":"848b27cb-65d0-55c1-a85d-fad3b2d71a18","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e3fa5c1a-6d4c-471f-860a-76b329e2502a","name":"54bb47h","description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","source":"Tidal Cyber","associated_software_id":"b785b2cd-994a-41fc-a22f-10e3b7005588","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f529f704-c86e-4f63-9f42-85a62c24c43a","name":"Arcane","description":"[[Mandiant Sabbath Ransomware November 29 2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]","source":"Tidal Cyber","associated_software_id":"def83b98-a210-4cd7-82aa-9cda6af7b73d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"9800ac8e-40d1-4fa6-9730-ae974395e6dc","name":"Eruption","description":"[[Mandiant Sabbath Ransomware November 29 2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]","source":"Tidal Cyber","associated_software_id":"3615ac4d-7193-4dd2-bc28-6a85761a2150","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"7b8f7209-3bc8-4d19-9f00-b0bfb06b55de","name":"ROLLCOAST","description":"[[Mandiant Sabbath Ransomware November 29 2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]","source":"Tidal Cyber","associated_software_id":"0681b92f-dfab-44da-8c12-536adc8affcd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)][[Mandiant Sabbath Ransomware November 29 2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"9909f62a-919c-45bb-a2e7-b64d4c20b5d6","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"1d42a0aa-dc78-4bb2-9572-3788cf88dd82","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"24ed27b3-ef88-4d6a-8d54-b325b5f30a7f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"6da227b9-4f0d-43ee-a7c9-082133a97e5f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"87a5b73d-2ebf-4329-abb7-99933830d1dc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2bab4dee-3e89-443f-8f58-5d3b7e19cb89","name":"SafePay Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3467","tidal_id":"ec6b46f2-1e34-5b84-bb17-429421cbe90c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[huntress.com November 14 2024](/references/0418012c-af7e-47b0-b690-85fd634532e4)]","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9f6989a4-11a0-4608-ae56-70e4ed1631e5","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"c45d98ad-0660-4204-a224-f601798db2f7","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"0a2addb6-9d9c-4c95-9e88-396809aa0950","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"90cfb805-6ce1-4368-9050-768f8a2cc5d6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2005b7cd-94c4-5d53-bd89-0af03c7a3ee7","name":"Sagerunex","type":"malware","source":"MITRE","software_attack_id":"S1210","tidal_id":"2005b7cd-94c4-5d53-bd89-0af03c7a3ee7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) is the exclusive user of 
[Sagerunex](https://app.tidalcyber.com/software/2005b7cd-94c4-5d53-bd89-0af03c7a3ee7), and has employed variants of this in operations since 2016.[[Symantec Bilbug 2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)][[Cisco LotusBlossom 2025](https://app.tidalcyber.com/references/9b7db916-e62f-5d7e-9574-a85198665a5a)]","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4f037813-af69-4fcf-b122-3bd175b0d57b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d66e5d18-e9f5-4091-bdf4-acdac129e2e0","name":"Saint Bot","type":"malware","source":"MITRE","software_attack_id":"S1018","tidal_id":"79e27942-f865-54e9-8e12-f1ba1c43c98f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Saint Bot](https://app.tidalcyber.com/software/d66e5d18-e9f5-4091-bdf4-acdac129e2e0) is closely correlated with [Saint Bear](https://app.tidalcyber.com/groups/eb64ce69-f106-5e8e-8efd-a29385a05973) operations as a common post-exploitation toolset.[[Palo Alto Unit 42 OutSteel SaintBot February 2022 ](https://app.tidalcyber.com/references/b0632490-76be-4018-982d-4b73b3d13881)]","group_attack_id":"G1031","group_id":"eb64ce69-f106-5e8e-8efd-a29385a05973","name":"Saint Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [Saint Bot](https://app.tidalcyber.com/software/d66e5d18-e9f5-4091-bdf4-acdac129e2e0) during operations, but is distinct from the threat actor [Saint Bear](https://app.tidalcyber.com/groups/eb64ce69-f106-5e8e-8efd-a29385a05973).[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember 
Bear","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"65e6541e-a329-43de-b020-452cd70e2e27","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"a316c704-144a-4d14-8e4e-685bb6ae391c","name":"Sakula","type":"malware","source":"MITRE","software_attack_id":"S0074","tidal_id":"4c89b515-36e9-57b8-9aa9-fe978da17396","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"95fe4b6f-6f73-4bab-aaa9-c9747935dcb9","name":"Sakurel","description":"","source":"MITRE","associated_software_id":"8e87c30d-7a04-431a-9182-8991ed0e4464","owner_id":null,"owner_name":null},{"id":"2ba6d620-2bd1-402f-8145-15ccaf107c73","name":"VIPER","description":"","source":"MITRE","associated_software_id":"b27db543-4db8-4cf6-9321-c511efa7ecb7","owner_id":null,"owner_name":null}],"groups":[{"description":"[[ThreatConnect Anthem](https://app.tidalcyber.com/references/61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec)]","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0fd80499-e277-45be-aba9-b6bef57697c2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e3864daf-a284-5cc0-b434-6e77c8406bd9","name":"SampleCheck5000","type":"malware","source":"MITRE","software_attack_id":"S1168","tidal_id":"e3864daf-a284-5cc0-b434-6e77c8406bd9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d7731918-e2ef-5fc1-8261-d0d410a72f00","name":"SC5k","description":"[[ESET OilRig Campaigns Sep 2023](https://app.tidalcyber.com/references/799db594-6a65-5b80-9d64-c530fadbd9ae)]","source":"MITRE","associated_software_id":"b3e28b3b-f3cc-48f7-8434-1705caf35488","owner_id":null,"owner_name":null}],"groups":[{"description":"[[ESET OilRig Campaigns Sep 
2023](https://app.tidalcyber.com/references/799db594-6a65-5b80-9d64-c530fadbd9ae)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c9535445-f55b-45c1-a13c-246aec8f529a","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"79318dc6-1fb5-4fef-b287-21e487399290","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"5276226d-5453-42db-8701-a83b2b061b5b","name":"SampleCheck5000 (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3156","tidal_id":"bc69737c-ce3b-5e59-8d0e-597b4def7fc5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1dffb93d-49b6-46b2-8271-f41f96e8a3ed","name":"SC5k","description":"[[ESET OilRig December 14 2023](/references/f96b74d5-ff75-47c6-a9a2-b2f43db351bc)]","source":"Tidal Cyber","associated_software_id":"38ddef87-e5eb-4056-8e4b-3633b8887967","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[ESET OilRig December 14 2023](/references/f96b74d5-ff75-47c6-a9a2-b2f43db351bc)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8b49e471-e457-4aec-9575-8eeec2e932a0","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"b971f688-a18f-443c-b1f7-5da1de1509ca","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"74b6bb13-9d52-4147-9054-2eac8750fe7b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7645d74c-67cd-4f3e-8dcf-c22e685277f0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"88831e9f-453e-466f-9510-9acaa1f20368","name":"SamSam","type":"malware","source":"MITRE","software_attack_id":"S0370","tidal_id":"b0cee6ff-9236-521f-b777-f12bcf9d41a1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"76ac471b-b15c-4072-9e08-38bc62aaac92","name":"Samas","description":"[[US-CERT SamSam 2018](https://app.tidalcyber.com/references/b9d14fea-2330-4eed-892c-b4e05a35d273)]","source":"MITRE","associated_software_id":"accecc38-6a70-4fe4-97a2-86df1e07dbcb","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"9f52e189-1a08-42ec-b238-28a87638f31c","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"8bd6af7f-1b52-4d9d-bf18-1a12476026e7","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"bd75c822-7be6-5e6f-bd2e-0512be6d38d9","name":"Samurai","type":"malware","source":"MITRE","software_attack_id":"S1099","tidal_id":"d6730958-f69f-5545-b254-4786272dc281","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky ToddyCat June 
2022](https://app.tidalcyber.com/references/285c038b-e5fc-57ef-9a98-d9e24c52e2cf)]","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"9ab0d523-3496-5e64-9ca1-bb756f5e64e0","name":"Sardonic","type":"malware","source":"MITRE","software_attack_id":"S1085","tidal_id":"2b0b1e1b-ffa8-5b17-a8ab-61b8c84a8d65","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4f9c5d6a-4742-47a5-b726-f5ae34ad8586","name":"Ragnar Loader","description":"[[The Hacker News March 7 2025](/references/bef86725-c540-4241-bf3b-4b5a81aadebe)]","source":"Tidal Cyber","associated_software_id":"6d5e56db-4ea8-42d9-b183-86414819b7b0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Bitdefender Sardonic Aug 2021](https://app.tidalcyber.com/references/8e9d05c9-6783-5738-ac85-a444810a8074)][[Symantec FIN8 Jul 2023](https://app.tidalcyber.com/references/9b08b7f0-1a33-5d76-817f-448fac0d165a)]","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[The Hacker News March 7 2025](/references/bef86725-c540-4241-bf3b-4b5a81aadebe)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0360e655-3290-4bb6-83ff-0f89c06ec394","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"41be663f-ecc9-4ab6-afeb-c52737f84858","name":"Sc","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3280","tidal_id":"d7dfbde3-c095-566f-bc35-3b3d398012a4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d0649c70-e746-4f1a-a31b-fbf519ca80da","name":"Sc.exe","description":"[[Sc.exe - LOLBAS Project](/references/5ce3ef73-f789-4939-a60e-e0a373048bda)]","source":"Tidal Cyber","associated_software_id":"51b405bf-637a-46e7-960f-44f7e964ca7e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a771c8e8-3b1e-42db-af28-b1b281b29eac","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"6330945d-fd8a-4750-b27a-7aafb36fea6f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"7759fb72-fedf-4e03-921b-a2c535b02b69","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"cb15821a-bead-4165-a278-ea97f366523f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1471a4f4-c2d0-4807-bdc8-f816ea2dc0a2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"da077c2b-9e7a-4f35-b187-af2876496799","name":"Scarab Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3181","tidal_id":"6fa54dec-ddaa-5b33-b586-e02f70edac26","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[WeLiveSecurity Scarab August 22 2023](/references/7cbf97fe-1809-4089-b386-a8bfd083df39)]","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"53e6829b-a88a-4ff8-816a-7fba337a5277","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"74aaa1dd-fafc-4348-bd3e-a1fcd4afc1d8","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"019f52a3-3c00-4e49-97e0-3e90a749ec18","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b79c59c3-5458-4dd7-9db6-7f2d4dd70820","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3d3f0187-d08a-468a-8956-b3502fdeaea5","name":"ScHackTool","type":"malware","source":"Tidal Cyber","software_attack_id":"S3180","tidal_id":"e35b7254-6628-5f08-aab8-cd3f0dae4d7d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"ca0d8e3a-93d4-4b32-9849-8dc4c9402193","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"5af65baf-a151-4f59-8dac-705b25c974f4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"43cb00e8-756a-4a67-88ee-3d55cad85fa8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2aacbf3a-a359-41d2-9a71-76447f0545b5","name":"schtasks","type":"tool","source":"MITRE","software_attack_id":"S0111","tidal_id":"ce6526ea-5776-5954-9f9e-ccc6cdfaacbc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cef89380-3b62-4a3d-a5b3-f26643c108ec","name":"schtasks.exe","description":"","source":"MITRE","associated_software_id":"8e0f3e81-6583-40f4-824c-2f5ba6b7e19d","owner_id":null,"owner_name":null}],"groups":[{"description":"[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason Kimsuky November 2020](https://app.tidalcyber.com/references/ecc2f5ad-b2a8-470b-b919-cb184d12d00f)][[KISA Operation Muzabi](https://app.tidalcyber.com/references/8742ac96-a316-4264-9d3d-265784483f1a)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye Operation Double Tap](https://app.tidalcyber.com/references/4b9af128-98da-48b6-95c7-8d27979c2ab1)]","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Bitdefender Naikon April 2021](/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Volexity SolarWinds](/references/355cecf8-ef3e-4a6e-a652-3bf26fe46d88)][[FireEye SUNBURST Backdoor December 2020](/references/d006ed03-a8af-4887-9356-3481d81d43e4)][[CrowdStrike SUNSPOT Implant January 2021](/references/3a7b71cf-961a-4f63-84a8-31b43b18fb95)][[Mandiant No Easy Breach](/references/e7c49ce6-9c5d-483a-b476-8a48799df6fa)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cycraft Chimera April 2020](/references/a5a14a4e-2214-44ab-9067-75429409d744)][[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET Lazarus Jun 2020](/references/b16a0141-dea3-4b34-8279-7bc1ce3d7052)][[Qualys LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)][[ESET Twitter Ida Pro Nov 2021](/references/6d079207-a7c0-4023-b504-1010dd538221)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"[[TrendMicro EarthLusca 2022](/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Rancor Unit42 June 2018](/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"2f489e7b-6294-4f55-a94a-ec0868d404d7","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"3eaaba45-3f42-4d75-aecb-60d80c56a0c3","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"92d89a2a-9ce7-4684-9fab-8410de0d2acd","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"cbecfb63-ab09-4125-bfa4-7abbbe2a8f45","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"4007fc5c-45d8-4332-9742-cfbffc14d4ae","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"6f98fd10-f369-443e-be9b-db72f8d91742","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a66cbe6f-0c07-4ba2-8289-bfa8cde2fb0d","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"a323fdb2-1ee1-4568-b4b1-41094072d90c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"3b21529c-c167-4040-880b-37f2c9054173","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"3c155408-7cad-4bb1-a4c5-0f6fd4c7ec45","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"ff15c6e5-fe0b-404c-9cd2-28476ef9c5f6","tag":"f0c54030-956a-4bac-9f98-deb2349183ac"},{"id":"fdf5ed9e-d250-41cb-b213-0f26632bf46a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"aa93763d-acfc-4aa3-ba6a-3b0d8dfbe400","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"99ce4ccb-7ef5-4650-9b7c-59704ca8e2da","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"cd7e56b3-d5d8-4489-9368-7fcffc634652","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"34964908-7162-4bcc-ab2a-d0dc1b3b82ef","name":"ScRansom","type":"malware","source":"Tidal Cyber","software_attack_id":"S3178","tidal_id":"61ac6489-e718-5aed-823a-3155f7446f7d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[WeLiveSecurity CosmicBeetle September 10 
2024](/references/8debba29-4d6d-41d2-8772-f97c7d49056b)]","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a9181d24-444f-4591-a890-fea2812e1abd","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"30ecfa87-2501-4c65-a832-5438e73b8795","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"1b26819a-e097-41c6-8d84-509d750bfb27","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"518d827d-fdb7-4fab-83ee-317f65724673","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ba4d8522-9656-462e-b25e-32a9bba85a60","name":"Scriptrunner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3282","tidal_id":"599b3149-2685-5c59-8009-6dcb87f17570","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4882dbf4-7d84-45fc-9a06-055d8b429bfd","name":"Scriptrunner.exe","description":"[[Scriptrunner.exe - LOLBAS Project](/references/805d16cc-8bd0-4f80-b0ac-c5b5df51427c)]","source":"Tidal Cyber","associated_software_id":"371af2c7-299d-48e3-ace1-a3e33ba2fedd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b85420b1-dc69-4659-a8cf-ecde24d2a791","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5f9b1f0e-439c-4db4-8ab9-36abe2612021","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"101f7867-9c5c-482e-b26e-9fdb8ff9b2c7","name":"Scrobj","type":"tool","source":"Tidal Cyber","software_attack_id":"S3315","tidal_id":"24994b64-1856-5c56-b5cf-3c5151de2133","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ac56e479-6cf2-4c56-85cb-0c0d4c82c605","name":"Scrobj.dll","description":"[[Scrobj.dll - LOLBAS Project](/references/c50ff71f-c742-4d63-a18e-e1ce41d55193)]","source":"Tidal 
Cyber","associated_software_id":"922a431d-1ebd-4ad2-a16d-054e3eb24a1f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"474c8768-fa5a-4e18-96ec-8ddf31ae960c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8e15d8c1-3ebc-4b17-9443-af2345ede1a0","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f9840d08-eb55-4c19-a1af-964e10dae0d4","name":"ScService","type":"malware","source":"Tidal Cyber","software_attack_id":"S3179","tidal_id":"298682b4-93cb-52dd-b83f-0520c474e118","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"3269533a-6cc5-42e3-a921-dcf6869d096b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0bdb170e-4076-4c64-9e66-2b61910550fb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a3480f03-d03f-4c1e-94fb-f6d8e998c14b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"046bbd0c-bff5-46fc-9028-cbe46a9f8ec5","name":"SDBbot","type":"malware","source":"MITRE","software_attack_id":"S0461","tidal_id":"132b5b52-2680-53c9-a1ff-f99ae9a52203","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA505 October 2019](https://app.tidalcyber.com/references/711ea2b3-58e2-4b38-aa71-877029c12e64)][[IBM TA505 April 
2020](https://app.tidalcyber.com/references/bcef8bf8-5fc2-4921-b920-74ef893b8a27)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"befd8cc6-2668-478f-aabb-810a0a6f682e","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"3d4be65d-231b-44bb-8d12-5038a3d48bae","name":"SDelete","type":"tool","source":"MITRE","software_attack_id":"S0195","tidal_id":"87ff0b4f-cbfb-57a9-af21-6f8b46d148cf","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant No Easy Breach](https://app.tidalcyber.com/references/e7c49ce6-9c5d-483a-b476-8a48799df6fa)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) has used [SDelete](https://app.tidalcyber.com/software/3d4be65d-231b-44bb-8d12-5038a3d48bae) for wartime operations in 2022-2023.[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Group IB Silence Sept 2018](https://app.tidalcyber.com/references/10d41d2e-44be-41a7-84c1-b8f39689cb93)]","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[PTSecurity Cobalt Dec 
2016](https://app.tidalcyber.com/references/2de4d38f-c99d-4149-89e6-0349a4902aa2)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3d9ab177-76ae-4fed-9f93-ebf2c0515ba4","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"ae30d58e-21c5-41a4-9ebb-081dc1f26863","name":"SeaDuke","type":"malware","source":"MITRE","software_attack_id":"S0053","tidal_id":"a4a40e19-9e1b-536e-8e4b-9000667a3d6f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"90ca5f13-d1d1-4bc4-930b-3559db96efa7","name":"SeaDaddy","description":"","source":"MITRE","associated_software_id":"a2b8e082-e238-4bcc-89e0-f6fe424c1d89","owner_id":null,"owner_name":null},{"id":"5dcc7cce-10fc-4a9b-922f-4b5b3bac6f17","name":"SeaDesk","description":"","source":"MITRE","associated_software_id":"be5732aa-a2d1-4088-89af-caf36034f360","owner_id":null,"owner_name":null}],"groups":[{"description":"[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)][[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)][[Symantec Seaduke 2015](https://app.tidalcyber.com/references/5ec05c01-8767-44c1-9855-e1b0e5ee0002)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"771b72e6-f16b-45c5-8e38-a842540aa72b","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"c36c774b-7e6d-43e9-bbdf-378e70b7c816","name":"SEAELF","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3450","tidal_id":"94a4cfa9-0d30-577f-a722-cb226bde2006","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"3527b09b-f3f6-4716-9f90-64ea7d3b9d8a","name":"Seasalt","type":"malware","source":"MITRE","software_attack_id":"S0345","tidal_id":"3b40c72e-9ef7-5206-9043-893c83967a7e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT1 Appendix](https://app.tidalcyber.com/references/1f31c09c-6a93-4142-8333-154138c1d70a)][[McAfee Oceansalt Oct 2018](https://app.tidalcyber.com/references/04b475ab-c7f6-4373-a4b0-04b5d8028f95)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"42c8504c-8a18-46d2-a145-35b0cd8ba669","name":"SEASHARPEE","type":"malware","source":"MITRE","software_attack_id":"S0185","tidal_id":"0a76fb68-ef80-5500-9812-c9bfb370b282","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT34 Webinar Dec 2017](https://app.tidalcyber.com/references/4eef7032-de14-44a2-a403-82aefdc85c50)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8056dc80-e2d0-45fd-ae4f-cd48c6ddf857","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"74beac1c-8468-4f1e-8990-11a4eb7b0110","name":"Seatbelt","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3044","tidal_id":"d6d5f71f-fc4b-5308-aa1d-dbb5254758d7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5421190b-d25b-4d17-8c7e-c09639a53cb3","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"9dffb2f8-a72b-4f02-96b4-95a1336745b8","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"25a0e5e7-2f46-4bc7-b087-0d8df66ff35e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"e4451a89-0178-49a9-aa1c-bf885325cce3","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"24938cdf-e5e1-4e4c-93e3-e615c2bf4230","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"6d715aaf-35fa-4d53-bcdb-6c0ba36a5c1f","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"6ff9306d-ec01-4aac-82b9-2b5acc568484","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"abc98594-cc6d-43e5-880a-a3398d989c22","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"11bc18cf-c359-4e8b-a650-2aad767c7220","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"16715451-0f6f-43cb-adb0-14a5b37734b4","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"7fcd9886-9968-4684-b316-52fd1338424e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a1fef846-cb22-4885-aa14-cb67ab38fce4","name":"secretsdump","type":"tool","source":"Tidal Cyber","software_attack_id":"S3097","tidal_id":"29c98931-5a9d-53e9-944d-5700c9d6179a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f7e571a6-c6db-47ec-b4cd-a9587115eea2","name":"secretsdump.py","description":"","source":"Tidal 
Cyber","associated_software_id":"8e8fdcd6-5b2f-4672-91fe-740555345883","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA LockBit Citrix Bleed November 21 2023](/references/21f56e0c-9605-4fbb-9cb1-f868ba6eb053)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Unit 29155 September 5 2024](/references/9631a46d-3e0a-4f25-962b-0b2501c47926)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"634f032e-90a6-43c0-b821-fcef37fa9611","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"9803c76e-fb69-4b94-9001-de1d566a7e91","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"3c8d65f1-193c-4959-8385-f5a65f4c1f49","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"4f5bd981-c7c6-4442-b083-fd252cc9cea5","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"fdeeb12a-1fc9-4e8e-8d3e-35fb5f6de3a4","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fe92119c-d2b2-41b6-8ffd-a94f6682a7bc","tag":"61b7b81d-3f98-4bed-97a9-d6c536b8969b"},{"id":"eb1d2cd3-5165-4891-a355-7825dd670bf3","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"ad789102-9692-48ac-8407-68618f434c70","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0e34c5b5-09a1-4172-927c-2210b1f14d60","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"e5f4c869-da81-4564-a4a0-c5c5c18a8437","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"3f7be496-6c05-4169-9dae-e0bb6b53cdfe","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":"TidalCyberIan"},{"id":"80b9180e-bae5-44a7-8016-8c1463bbd054","name":"Secure Socket Funneling","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3144","tidal_id":"5f21292f-472c-5d9c-9ff5-3768f58a9a7c","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dee1e0ca-09c7-4284-981f-0d5aa0fec1b5","name":"SSF","description":"[[GitHub securesocketfunneling ssf](/references/077ab224-9406-4be7-8467-2a6da8dc786d)]","source":"Tidal Cyber","associated_software_id":"e039a58f-0838-466f-b9de-34653491b7d3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. CISA APT40 July 8 2024](/references/3bf90a48-caf6-4b9d-adc2-3d1176f49ffc)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"17b15604-a1e1-4714-a687-7d58d8a9fb92","tag":"96d58ca1-ab18-4e53-8891-d8ba62a47e5d"},{"id":"18321641-b94f-45b4-a44a-0ff549491b5a","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"82e42390-b4fb-4cdd-88d2-052d320b4718","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"f62d0e75-3378-4752-b4c0-c11d086141e3","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"cf059581-25bc-4b31-a829-b2fa3747e085","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"300af65b-7f7b-4db9-93be-e22718bd3586","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"c248632f-7ef0-4f61-905d-c88d27bd8947","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"266b7f51-0fe5-405c-ac50-efed11e97188","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"4fe9a566-9dee-4813-9663-275115c7fdab","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d30a658b-60db-4b33-ab32-5411f1b77cbb","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"931dd033-62cc-4e91-9005-0d9414be13bc","tag":"ed2b3f47-3e07-4019-a9b
f-ec9d87f28c96"},{"id":"bd7bee8e-3546-4245-98bc-7980769d74ab","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"704ed49d-103c-4b33-b85c-73670cc1d719","name":"ServHelper","type":"malware","source":"MITRE","software_attack_id":"S0382","tidal_id":"3f270b20-cf62-5864-998b-d1a5ba693f3b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA505 Jan 2019](https://app.tidalcyber.com/references/b744f739-8810-4fb9-96e3-6488f9ed6305)][[Cybereason TA505 April 2019](https://app.tidalcyber.com/references/076f2b95-97d2-4d50-bb9b-6199c161e5c6)][[Deep Instinct TA505 Apr 2019](https://app.tidalcyber.com/references/529524c0-123b-459c-bc6f-62aa45c228d1)][[Trend Micro TA505 June 2019](https://app.tidalcyber.com/references/e664a0c7-154f-449e-904d-335be1b72b29)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"48523f0f-a6f9-4d4f-84b6-2c850d4c6c95","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"179ed67a-6142-49c2-8e71-927b9c47e6f5","name":"SessionGopher","type":"tool","source":"Tidal Cyber","software_attack_id":"S3411","tidal_id":"ce39d702-df72-53d1-a67e-5276da83220c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"7db78bfa-666b-4c4a-bea4-c1c4b3e2228c","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"98b7b614-1974-47aa-9e34-9225e85663f4","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"1bed16f9-fcb1-4a94-b87e-6ba5d2e8233c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5672593e-914f-4ed1-9b94-b37e86035eb3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"f601865e-9162-4e8a-8444-6db2eb54c128","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"20300766-a6a9-4e49-8ac7-8ad914555936","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"4f4ff3ed-7d2e-4cd3-b02c-1d568690a1ee","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"fb47c051-d22b-4a05-94a7-cf979419b60a","name":"Seth-Locker","type":"malware","source":"MITRE","software_attack_id":"S0639","tidal_id":"6c5a177e-910d-5ae4-88bc-1fa6bc04493f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"0314e860-8f16-4575-8a8b-47a9da69b04e","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"80242cf6-335d-4b31-89a2-70ec04c368b3","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"ad872ead-f3be-49df-b2f3-2526246acdf5","name":"Setres","type":"tool","source":"Tidal Cyber","software_attack_id":"S3283","tidal_id":"56671872-fe8e-556c-baec-18f94e417344","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ee17b779-c555-4ae0-9a76-56a24d647675","name":"Setres.exe","description":"[[Setres.exe - LOLBAS Project](/references/631de0bd-d536-4183-bc5a-25af83bd795a)]","source":"Tidal 
Cyber","associated_software_id":"87bd69bf-cada-4225-a91e-a32add673522","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ecf4e884-92b6-4caf-98fb-b76e342944de","tag":"d75511ab-cbff-46d3-8268-427e3cff134a"},{"id":"a5840fc9-9ffb-4622-944d-a8db5af97939","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"fb560c03-90af-4bc5-bf0f-7a1c01dfc537","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e46a42d6-ca6e-4237-ab66-b0d102a580c7","name":"SettingSyncHost","type":"tool","source":"Tidal Cyber","software_attack_id":"S3284","tidal_id":"a2d69aeb-3ccc-5886-84b6-bbec5692574e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0ab3517f-f1b5-4b85-81b7-1e887acf7cbf","name":"SettingSyncHost.exe","description":"[[SettingSyncHost.exe - LOLBAS Project](/references/57f573f2-1c9b-4037-8f4d-9ae65d13af94)]","source":"Tidal Cyber","associated_software_id":"ff7ceff1-6f98-4a50-9461-368b16d96b4b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c7fe679a-cbc1-4f91-8c17-7587a9a8a5e2","tag":"8929bc83-9ed6-4579-b837-40236b59b383"},{"id":"0c0fd086-001b-4d38-95af-f93b72d55d07","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"68bb376d-a2cd-4be8-82ec-27f64e3b1f42","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e7d450ec-dd29-455f-8d26-f8a563e1e88d","name":"Setupapi","type":"tool","source":"Tidal Cyber","software_attack_id":"S3316","tidal_id":"90a73aec-a1a6-51ba-9034-f8e669860740","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"da642a14-5517-47b9-b2d7-09b461f8164c","name":"Setupapi.dll","description":"[[Setupapi.dll - LOLBAS Project](/references/1a8a1434-fc4a-4c3e-9a9b-fb91692d7efd)]","source":"Tidal 
Cyber","associated_software_id":"ff4e0a76-a50f-4605-9e19-2cb2309bbda7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e3f88c1d-e630-4f67-aa38-3c08437695b2","tag":"da405033-3571-4f98-9810-53d9df1ac0fb"},{"id":"dfec98ed-75b4-481a-9ecc-f4cb7a3efc0c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f11a14cc-d20c-4746-bff1-8fb4439d812c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7751a962-281e-420d-9d29-f83ae9985fd5","name":"ShadowLink","type":"malware","source":"Tidal Cyber","software_attack_id":"S3442","tidal_id":"4b55152c-e962-5297-ab65-751f83c36b4b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0e8c9bc4-7851-44f2-8fd5-8fee380d5574","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3292de0a-32da-4b24-be45-67414e2ccf74","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"},{"id":"8e5ac7d8-488b-4811-b980-ea5a7546176a","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"e2ff7614-673a-4b56-be84-038887218c60","tag":"2e85babc-77cd-4455-9c6e-312223a956de"}],"owner_name":"TidalCyberIan"},{"id":"5190f50d-7e54-410a-9961-79ab751ddbab","name":"ShadowPad","type":"malware","source":"MITRE","software_attack_id":"S0596","tidal_id":"c1d11ca1-7b17-5c28-ab8e-e498edd2d20e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e503dc0d-9c53-4110-a7da-bfc7ebcc3b3a","name":"POISONPLUG.SHADOW","description":"[[FireEye APT41 Aug 
2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","source":"MITRE","associated_software_id":"86e74984-d06d-4b3e-be56-8c3af2060e99","owner_id":null,"owner_name":null}],"groups":[{"description":"[Aquatic Panda](https://app.tidalcyber.com/groups/b8a349a6-cde1-4d95-b20f-44c62bbfc786) used [ShadowPad](https://app.tidalcyber.com/software/5190f50d-7e54-410a-9961-79ab751ddbab) as a remote access tool to victim environments.[[Crowdstrike HuntReport 2022](https://app.tidalcyber.com/references/cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0)]","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)][[Recorded Future RedEcho Feb 2021](https://app.tidalcyber.com/references/6da7eb8a-aab4-41ea-a0b7-5313d88cbe91)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Recorded Future RedEcho Feb 2021](https://app.tidalcyber.com/references/6da7eb8a-aab4-41ea-a0b7-5313d88cbe91)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3074","group_id":"62f010b9-707f-4161-99dc-69e3c6e54e13","name":"Stately Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[RedEcho](https://app.tidalcyber.com/groups/a6dea520-12ab-5c7b-8142-db3a308122de) has used [ShadowPad](https://app.tidalcyber.com/software/5190f50d-7e54-410a-9961-79ab751ddbab) during intrusions.[[RecordedFuture RedEcho 2021](https://app.tidalcyber.com/references/644fa2c1-ed3e-5203-96d5-27acfc1947a0)][[RecordedFuture RedEcho 
2022](https://app.tidalcyber.com/references/3bd1c189-8cb8-5e87-9d3a-15d24a8df16f)]","group_attack_id":"G1042","group_id":"a6dea520-12ab-5c7b-8142-db3a308122de","name":"RedEcho","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Recorded Future RedEcho Feb 2021](https://app.tidalcyber.com/references/6da7eb8a-aab4-41ea-a0b7-5313d88cbe91)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky CactusPete Aug 2020](https://app.tidalcyber.com/references/1c393964-e717-45ad-8eb6-5df5555d3c70)]","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5db4103c-937f-4129-bfd2-0dd5f345cbf9","tag":"a7346d6d-d5c9-497c-b3b3-54fb95dd4d68"},{"id":"a9611327-c37f-421a-88ab-7d1023de1b4b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"840db1db-e262-4d6f-b6e3-2a64696a41c5","name":"Shamoon","type":"malware","source":"MITRE","software_attack_id":"S0140","tidal_id":"38a8d313-e17e-5ccd-8534-9f74a770059d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ab151071-4f92-4e56-8108-d5f298a320f6","name":"Disttrack","description":"[[Palo Alto Shamoon Nov 
2016](https://app.tidalcyber.com/references/15007a87-a281-41ae-b203-fdafe02a885f)]","source":"MITRE","associated_software_id":"a834945d-2e57-44e0-9795-8bdc73208f61","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"59850eb8-9fe2-4c25-b0a5-015859703116","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"055e70b5-c279-41d4-ad11-c2a884929d88","name":"ShapNBTScan","type":"tool","source":"Tidal Cyber","software_attack_id":"S3434","tidal_id":"4473ec7a-6eb6-50bd-a080-bc1e7ed38067","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"37ad9587-5e6d-4586-9bb3-2c1dc2b13fd7","name":"NBT.exe","description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","source":"Tidal Cyber","associated_software_id":"2ad365a1-7ae1-4522-9c28-1b5c43f3c1d7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"fe962179-3d8c-4ccb-8271-68a6dc102410","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"f5e05785-8a35-49ef-977e-50e38af219f5","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ee618dc0-9761-4a75-8a42-72bf0eb41179","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"56ca2052-8c8c-44d9-9dd1-03205b71aa7f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"cca87d1b-5dcd-4f5a-a17e-6192ec2f4fea","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"4fbb5a51-8dcd-4402-a934-35437383264b","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"3529cfa8-469c-4267-a1ea-47109ce483ba","name":"ShareFinder","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3468","tidal_id":"8c873f0f-9d40-509f-9dd5-33a014e19ac0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[huntress.com November 14 2024](/references/0418012c-af7e-47b0-b690-85fd634532e4)]","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report Bumblebee Akira July 2 2025](/references/22cd30b9-fde9-4383-8106-1a506afa3c02)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"babeb7b9-f4d4-4699-a435-2b35d0c568bb","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"82c8df80-40a6-4838-90cf-3a6b8457af62","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"f880e932-e551-4158-b271-b32d5a8b8a26","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"1c763597-2261-440a-ad72-dde8407e629b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fb6aa85d-96d9-4395-bcf2-c4e88f927948","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"278da5e8-4d4c-4c45-ad72-8f078872fb4a","name":"Shark","type":"malware","source":"MITRE","software_attack_id":"S1019","tidal_id":"cc9fb176-ac6d-52cb-8369-822d3d27a4dc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)][[Accenture Lyceum Targets November 
2021](https://app.tidalcyber.com/references/127836ce-e459-405d-a75c-32fd5f0ab198)]","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"54731ee1-68f7-4b95-9513-e4eb70679677","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"311e8944-2157-4616-8b95-d75020e21c35","name":"SharpChromium","type":"tool","source":"Tidal Cyber","software_attack_id":"S3100","tidal_id":"afc43624-de13-5feb-84f1-2b783724e0b7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"89f92b69-b45a-421e-a58d-11cd62e949c5","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"4ed1e83b-a208-5518-bed2-d07c1b289da2","name":"SharpDisco","type":"malware","source":"MITRE","software_attack_id":"S1089","tidal_id":"f6047b23-904a-5597-bd43-90891322535d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MoustachedBouncer ESET August 2023](https://app.tidalcyber.com/references/9070f14b-5d5e-5f6d-bcac-628478e01242)]","group_attack_id":"G1019","group_id":"f31df12e-66ea-5a49-87bc-2bc1756a89fc","name":"MoustachedBouncer","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"20e472dd-dc65-40e4-b655-c8b4fae7714a","name":"SharpExfiltrate","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3142","tidal_id":"a1e98cd6-0d1a-5ac5-80f3-8385c79573a0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kroll Royal Ransomware February 13 2023](/references/de385ede-f928-4a1e-934c-8ce7a6e7f33b)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d5f1eb9b-ae41-48c5-823f-94d6ba4c4c85","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"6cc67305-97fe-46f7-bba6-6972ae61b68e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"656f33bc-e6dc-4b1e-8f48-3ccb8e6c8abe","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fdb9cd3d-8192-4141-9703-88163f6c3f77","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"529e95a5-7e66-4805-9067-729b63cdba57","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"72ac13f5-2436-46dc-bf3f-b4b1364ba4f8","name":"SharpGPPPass","type":"tool","source":"Tidal Cyber","software_attack_id":"S3436","tidal_id":"1ecb948d-72d1-52f8-869a-98bd3f99c3f8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7754b69f-d7bb-43fc-9f35-517c45373dd0","name":"SharpGPPPass.exe","description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","source":"Tidal Cyber","associated_software_id":"85532c62-557c-4019-9a3a-3eb90fe2deb4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"16846122-3125-4962-8a38-1be2d116dd53","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"eb764548-b012-49a7-b9d7-2199a90a5730","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"256243ca-b65b-4e74-ae3b-e5d52f8c93c6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"fef13a9c-0225-4c86-b4d2-4cc90b1bb545","tag":"ef782523-005c-47ef-9640-5eb51560a44e"},{"id":"7a9a6e09-72ef-44f4-a190-099d36248843","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"cd049ed3-194f-491a-bba2-fc9fa25850dc","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fe5cea24-26ac-4ddf-9355-dfb9223a1606","tag":"7de7d799-f836-4555-97a4-0db776eb6932"}],"owner_name":"TidalCyberIan"},{"id":"0bcf0dae-315f-491f-bc65-b1772ffa31c1","name":"SharpHound","type":"tool","source":"Tidal Cyber","software_attack_id":"S3115","tidal_id":"7aa55945-0323-5b6b-8503-f502802105aa","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"67b01c1c-1bcf-4679-af9c-b74f9800d2e6","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"df7d86e0-080e-4c0c-8d6e-5e14af9e5efd","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"216f66e3-1093-4f7e-bf10-7360e13905cb","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"b5eee804-40d1-48f6-beb5-3e8c2d84f06d","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"c9e57a95-5299-475d-9c0e-e3fa897286aa","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2e3d54aa-4534-4b19-8b87-f4e27e526b74","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"2cb456f1-2b62-4df5-a5ff-0894783216b0","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c28898df-a4af-471f-b1bf-70ea2fdbbf7a","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"dda600ed-2950-4838-89d1-1f76dd276468","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"54a5c881-c1ad-40d0-88c0-6c32b9ef95cb","name":"SharpRoast","type":"malware","source":"Tidal Cyber","software_attack_id":"S3083","tidal_id":"4e8487c3-fb27-5032-95c6-eba5754db24f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2d7d7232-1b03-43ae-93ba-806d32a545bf","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a2a82f73-369d-49ea-a093-c45e65b529cd","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":"TidalCyberIan"},{"id":"a202b37f-5c61-410b-bb14-a3e6b2b82833","name":"SharpShares","type":"tool","source":"Tidal Cyber","software_attack_id":"S3013","tidal_id":"0a76082b-c3e9-54d3-96b2-d0385106baab","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"50ccce2d-be10-4432-993f-5cd5ff228ef7","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"76b98bbd-4633-4afc-bde4-5fb30f56540c","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"577f26c7-b8e6-4dcb-b013-9a724b273835","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"f5642f17-d8a2-4799-b154-cf1a13c7f584","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"7522d5d9-8a16-4e8f-a47c-7fdad02825be","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"75607d18-94c4-482c-ac71-cc136bdf8a41","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"26b2f1d9-fb56-4ada-a540-85f2fa8492dc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"564643fd-7113-490e-9f6a-f0cc3f0e1a4c","name":"SharpStage","type":"malware","source":"MITRE","software_attack_id":"S0546","tidal_id":"2ad3940b-c4fe-5e72-974d-32cc7a233b62","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason Molerats Dec 2020](https://app.tidalcyber.com/references/81a10a4b-c66f-4526-882c-184436807e1d)]","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f655306f-f7b4-4eec-9bd6-ac75142fcb43","name":"SHARPSTATS","type":"malware","source":"MITRE","software_attack_id":"S0450","tidal_id":"ddbf8a0a-0723-529c-9f44-3b11f666d840","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro POWERSTATS V3 June 
2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b1b3ef97-d32a-48a6-b4f1-e4c776fad14b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"dcfd3dfd-bfad-41dc-b17c-4435209d552d","name":"SharpZeroLogon","type":"tool","source":"Tidal Cyber","software_attack_id":"S3435","tidal_id":"8ae6e2a1-0d31-5b38-9ef1-70e67cc62ae5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"48b05d34-b7cc-4f46-a501-3a55f5381c05","name":"SharpZeroLogon.exe","description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","source":"Tidal Cyber","associated_software_id":"62705c1e-c13f-4452-82c8-e7f38d36705e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f310814a-7031-4406-b392-5ce737bd7ea1","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"928c8ad8-b908-4e05-bd5d-99f63a236cc9","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"acf43eab-6893-4734-b1bf-70e27d4caf99","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"9d6e320c-222f-4f54-9c42-3f558634ef73","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"8f74bc17-83a7-42b9-a31b-bc0818b8d2d2","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"e60862b3-edcd-4c2e-b916-c4e552d2d8e3","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"86e442e1-2147-41c5-af73-a008da3ee2fa","tag":"7de7d799-f836-4555-97a4-0db776eb6932"}],"owner_name":"TidalCyberIan"},{"id":"67323b8a-e805-4503-8a40-d47f229453a0","name":"Shdocvw","type":"tool","source":"Tidal Cyber","software_attack_id":"S3317","tidal_id":"8b287b6f-9684-5487-9ea6-ef15ab577cd5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"89e74cc6-79a8-4d02-9d12-46076a8b56ae","name":"Shdocvw.dll","description":"[[Shdocvw.dll - LOLBAS Project](/references/0739d5fe-b460-4ed4-be75-cff422643a32)]","source":"Tidal 
Cyber","associated_software_id":"8a0c4826-3d7a-4eac-9f53-1a82316ea81f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"aa5e7204-2ac4-45e2-9f95-ec3319ac79ef","tag":"2c0f0b44-9b09-49a0-8dc5-d9fdcc515825"},{"id":"4daa56da-3c65-4e58-8401-00bb6a6691bd","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f045a566-677e-4bea-ae57-1560ff3dd4df","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"edf31b62-e9db-43c8-b9ef-55afd6b0404c","name":"Shell32","type":"tool","source":"Tidal Cyber","software_attack_id":"S3318","tidal_id":"9e7c2669-3bab-5307-b991-1c9c54a19b1d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f83926fc-f19b-4c3c-9b02-f8e8e06eceed","name":"Shell32.dll","description":"[[Shell32.dll - LOLBAS Project](/references/9465358f-e0cc-41f0-a7f9-01d5faca8157)]","source":"Tidal Cyber","associated_software_id":"d60406be-9e87-4325-b130-ca74a8e3cb6f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"287dc1f0-0d85-431a-96ec-3cec6c22a6a1","tag":"e0b9882e-b9bb-4c16-b3d9-9268866eded0"},{"id":"136d56e2-9da3-4b8a-9de2-5843e16145f6","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"97bb9c9b-aac0-410f-b36c-2be3cd86da69","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"691b3a37-af46-47d2-a027-d93d901e0dac","name":"Shimgvw","type":"tool","source":"Tidal Cyber","software_attack_id":"S3319","tidal_id":"735651e3-7507-5190-97d4-e41608fd057f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"406ba722-6a7d-4cc4-82f6-18cfe36ddcc9","name":"Shimgvw.dll","description":"[[Shimgvw.dll - LOLBAS Project](/references/aba1cc57-ac30-400f-8b02-db7bf279dfb6)]","source":"Tidal 
Cyber","associated_software_id":"03cadf3b-6313-4f0f-8ff1-b9944d6f86f2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"973c1ff3-b424-444a-8ab8-a236e9750591","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6ebb3aa0-072b-4d8f-9ea3-71b5c84fc454","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a3287231-351f-472f-96cc-24db2e3829c7","name":"ShimRat","type":"malware","source":"MITRE","software_attack_id":"S0444","tidal_id":"bb15355b-b3df-5177-b6c9-3f9505700a64","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G0103","group_id":"8bc69792-c26d-4493-87e3-d8e47605fed8","name":"Mofang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"77d9c948-93e3-4e12-9764-4da7570d9275","name":"ShimRatReporter","type":"tool","source":"MITRE","software_attack_id":"S0445","tidal_id":"8fb6792f-b659-55c7-8527-70ba4a1faba8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G0103","group_id":"8bc69792-c26d-4493-87e3-d8e47605fed8","name":"Mofang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3db0b464-ec5d-4cdd-86c2-62eac9c8acd6","name":"SHIPSHAPE","type":"malware","source":"MITRE","software_attack_id":"S0028","tidal_id":"178f28f6-0c83-5603-b271-5e5c98f76bab","platforms":[],"associated_software":[],"groups":[{"description":"[[FireEye 
APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]","group_attack_id":"G0013","group_id":"be45ff95-6c74-4000-bc39-63044673d82f","name":"APT30","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"49351818-579e-4298-9137-03b3dc699e22","name":"SHOTPUT","type":"malware","source":"MITRE","software_attack_id":"S0063","tidal_id":"a50fa0c7-38d4-538b-a006-f05315d876cf","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c7d4b1ec-bd3a-455c-92a7-b45249bb4e56","name":"Backdoor.APT.CookieCutter","description":"[[FireEye Clandestine Fox Part 2](https://app.tidalcyber.com/references/82500741-984d-4039-8f53-b303845c2849)]","source":"MITRE","associated_software_id":"1632745f-2d2f-4720-8ce4-53750459cb33","owner_id":null,"owner_name":null},{"id":"da5aae0a-6a9c-4d09-b65a-75db8eaf3365","name":"Pirpi","description":"[[FireEye Clandestine Fox Part 2](https://app.tidalcyber.com/references/82500741-984d-4039-8f53-b303845c2849)]","source":"MITRE","associated_software_id":"9e091930-0bc1-48d3-b49a-046d0ef9819c","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye Clandestine 
Wolf](https://app.tidalcyber.com/references/dbb779c4-4d75-4fb4-ad3a-7d1f0f74e26f)]","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"9baf920c-9a17-5037-8a6b-1ce1bcd570dc","name":"ShrinkLocker","type":"malware","source":"MITRE","software_attack_id":"S1178","tidal_id":"9baf920c-9a17-5037-8a6b-1ce1bcd570dc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c0d0db09-0ca8-4673-8e21-30379c69af00","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"216dd9b7-e0f0-4328-a8b8-27a7cb8cb817","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"5b2d82a6-ed96-485d-bca9-2320590de890","name":"SHUTTERSPEED","type":"malware","source":"MITRE","software_attack_id":"S0217","tidal_id":"a3920a1a-a458-5d29-a6a6-fed49b0e2436","platforms":[],"associated_software":[],"groups":[{"description":"[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ea0a1282-f2bf-4ae0-a19c-d7e379c2309b","name":"Sibot","type":"malware","source":"MITRE","software_attack_id":"S0589","tidal_id":"944398b3-4271-500f-8c08-03470ea5ad4b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MSTIC NOBELIUM Mar 2021](https://app.tidalcyber.com/references/8688a0a9-d644-4b96-81bb-031f1f898652)][[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)][[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)][[Secureworks IRON RITUAL 
Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"434e032d-8022-4e6a-9fea-07a99311acd0","tag":"a95bb8df-9089-4cea-9810-be32b99c3c5d"},{"id":"d5691c57-b420-4ab6-8331-8b1507793953","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"61227a76-d315-4339-803a-e024f96e089e","name":"SideTwist","type":"malware","source":"MITRE","software_attack_id":"S0610","tidal_id":"c1d3398c-8216-55cd-a32c-a2adfa54511b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Check Point APT34 April 2021](https://app.tidalcyber.com/references/593e8f9f-88ec-4bdc-90c3-1a320fa8a041)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ca6af4a0-b161-4a5f-aae4-8bb3680a02b7","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"4765999f-c35e-4a9f-8284-9f10a17e6c34","name":"SILENTTRINITY","type":"tool","source":"MITRE","software_attack_id":"S0692","tidal_id":"0f475e03-5ce1-5ae5-81c1-50270e48f00d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"8ea75674-cc08-40cf-824c-40eb5cd6097e","name":"Siloscape","type":"malware","source":"MITRE","software_attack_id":"S0623","tidal_id":"c95e77fe-3dd8-5db6-b03c-ec8ddbbbf677","platforms":[{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"369f733e-71da-4a56-850f-90ac9af6f28f","tag":"4fa6f8e1-b0d5-4169-8038-33e355c08bde"}],"owner_name":null},{"id":"d8eb26fa-03c1-47e2-ae61-3971c8617b24","name":"SimpleHelp","type":"tool","sou
rce":"Tidal Cyber","software_attack_id":"S3449","tidal_id":"18e76450-7ce9-554a-b5d1-5466ea2f08da","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Sophos DragonForce Attack May 27 2025](/references/edb4359f-f12a-4ab1-9116-9c4b3220120d)]","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c208d56e-31dc-4195-8b16-4c01c78c9c7e","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"05ecfb5b-1495-4d16-b6e9-24cfff18c486","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"07756e1c-f5a3-4305-9a42-7d5e62a39aac","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"56eb7657-c00e-4e62-8e53-642f1e730815","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9d60fb83-8d3b-400b-b803-be649a59c355","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"18ebd7af-a474-487f-9c7f-d4d1c7002c79","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"d2631096-7842-4bb7-a0b5-60a3c52a1d5b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"206453a4-a298-4cab-9fdf-f136a4e0c761","name":"Skeleton Key","type":"malware","source":"MITRE","software_attack_id":"S0007","tidal_id":"3edfe1f4-70cd-592c-bb92-c412f885dd01","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Secureworks BRONZE FLEETWOOD 
Profile](https://app.tidalcyber.com/references/4fbb113c-94b4-56fd-b292-1ccf84e1c8f3)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"cc91d3d4-bbf5-4a9c-b43a-2ba034db4858","name":"Skidmap","type":"malware","source":"MITRE","software_attack_id":"S0468","tidal_id":"69363788-12a0-5b5c-b06f-1488e41779cb","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c8fed4fc-5721-5db2-b107-b2a9b677244e","name":"SLIGHTPULSE","type":"malware","source":"MITRE","software_attack_id":"S1110","tidal_id":"6d9c9adb-9e4e-5802-bb49-eaba52abbb42","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[Mandiant Pulse Secure Zero-Day April 2021](https://app.tidalcyber.com/references/0760480c-97be-5fc9-a6aa-f1df91a314a3)][[Mandiant Pulse Secure Update May 2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"bbd16b7b-7e35-4a11-86ff-9b19e17bdab3","name":"Sliver","type":"tool","source":"MITRE","software_attack_id":"S0633","tidal_id":"23d608fb-28d4-57d7-a5c1-55e294a1c2cb","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)][[Secureworks IRON HEMLOCK 
Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":" [[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybereason Sliver Undated](https://app.tidalcyber.com/references/72744c10-c500-5691-9f28-6a66ee7f5ef2)]","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit42 Jumpy Pisces October 30 2024](/references/2da2d3c6-cf19-49c8-8a82-2119b14d4e03)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"fd216ec9-aafa-48cc-a70c-2701d69e4058","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e1e4bb99-c4cd-4bac-826a-f7ec4e58bcaa","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"b45b9120-5aae-4980-9480-1c7b2492f5d4","tag":"0fa3a7df-9e1e-4540-996e-590715e8314a"},{"id":"fe07ebbc-e685-4b49-b547-a94e599d928c","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"c027d539-3a12-4f5d-9573-cc1f011ac220","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"81e30b84-2411-4619-a7cd-4dc2ecf64495","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"171e58ed-2929-4dc7-92f5-9af43871b04e","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"563c6534-497e-4d65-828c-420d5bb2041a","name":"SLOTHFULMEDIA","type":"malware","source":"MITRE","software_attack_id":"S0533","tidal_id":"a9f1c28c-226c-5f3f-91cc-0363015cf6e7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"331ec335-52e8-4040-b21b-dac154e834de","name":"JackOfHearts","description":"Kaspersky Labs refers to the \"mediaplayer.exe\" dropper within [SLOTHFULMEDIA](https://app.tidalcyber.com/software/563c6534-497e-4d65-828c-420d5bb2041a) as the JackOfHearts.[[Kaspersky IAmTheKing October 2020](https://app.tidalcyber.com/references/fe4050f3-1a73-4e98-9bf1-e8fb73a23b7a)]","source":"MITRE","associated_software_id":"1defcdcc-c10d-40a8-afb2-5ebc68c4f752","owner_id":null,"owner_name":null},{"id":"1d818a0e-cba6-408b-a9ea-1adae7d31e5e","name":"QueenOfClubs","description":"Kaspersky Labs assesses [SLOTHFULMEDIA](https://app.tidalcyber.com/software/563c6534-497e-4d65-828c-420d5bb2041a) is an older variant of a malware family it refers to as the QueenOfClubs.[[Kaspersky IAmTheKing October 
2020](https://app.tidalcyber.com/references/fe4050f3-1a73-4e98-9bf1-e8fb73a23b7a)]","source":"MITRE","associated_software_id":"dba41372-a48f-412e-ad89-3acdfba47cd0","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"7c047a54-93cf-4dfc-ab20-d905791aebb2","name":"SLOWDRIFT","type":"malware","source":"MITRE","software_attack_id":"S0218","tidal_id":"71fff5a0-cf67-5df6-8b08-77bc55825243","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"37e264a6-5ad3-5a79-bf2c-db725622206e","name":"SLOWPULSE","type":"malware","source":"MITRE","software_attack_id":"S1104","tidal_id":"0e6c2d43-3cb7-502c-b6db-435170b9bd7d","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"[[Mandiant Pulse Secure Zero-Day April 2021](https://app.tidalcyber.com/references/0760480c-97be-5fc9-a6aa-f1df91a314a3)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"07588c4c-39a8-4687-92ac-1da9a16186c5","name":"SlowStepper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3418","tidal_id":"550957a8-cf08-554c-9f5f-526a5b212112","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET PlushDaemon January 22 
2025](/references/f35fc467-17c4-4eff-a9cb-921bfb3cc5d1)]","group_attack_id":"G3069","group_id":"3a97e7d2-d3f3-4a6c-bd5f-0e82fcc08ae6","name":"PlushDaemon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"49092701-b986-4b07-a241-4adc325b87f0","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"a8aee32d-330b-494a-8708-f3e12a8ff858","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"811a071f-9fba-4845-b2ed-bf64fdb3c371","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c58028b9-2e79-4bc9-9b04-d24ea4dd4948","name":"Small Sieve","type":"malware","source":"MITRE","software_attack_id":"S1035","tidal_id":"5487ca96-a48f-592d-86bb-154770f58516","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cd259728-5933-4e4d-a40c-9c831876038b","name":"GRAMDOOR","description":"[[Mandiant UNC3313 Feb 2022](https://app.tidalcyber.com/references/ac1a1262-1254-4ab2-a940-2d08b6558e9e)]","source":"MITRE","associated_software_id":"b4f0c7bd-888f-4b77-a269-0f85b9bd7bb0","owner_id":null,"owner_name":null}],"groups":[{"description":"[[DHS CISA AA22-055A MuddyWater February 2022](https://app.tidalcyber.com/references/e76570e1-43ab-4819-80bc-895ede67a205)][[NCSC GCHQ Small Sieve Jan 
2022](https://app.tidalcyber.com/references/0edb8946-be38-45f5-a27c-bdbebc383d72)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bd968812-8bf2-45a9-8242-1712d8e0dbd6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9ae4154d-ee48-4aeb-b76f-6e40dbe18ff3","name":"SMOKEDHAM","type":"malware","source":"MITRE","software_attack_id":"S0649","tidal_id":"8f6748c3-a1df-5469-9e40-6bf16e9ac5f4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"1e153f75-aed5-447b-94af-14cb33b41087","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"2244253f-a4ad-4ea9-a4bf-fa2f4d895853","name":"Smoke Loader","type":"malware","source":"MITRE","software_attack_id":"S0226","tidal_id":"41f7d611-c4db-5f7a-9761-bb77b0160c06","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bfeb6e82-d55c-43f7-bd7f-8b54eb9d2017","name":"Smokeloader","description":"","source":"Tidal Cyber","associated_software_id":"d18a5729-7267-422b-bc00-5bb274bf0be6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"65b0d392-fe6d-4c7d-89a7-163164be6599","name":"Dofoil","description":"[[Malwarebytes SmokeLoader 2016](https://app.tidalcyber.com/references/b619e338-16aa-478c-b227-b22f78d572a3)] [[Microsoft Dofoil 2018](https://app.tidalcyber.com/references/85069317-2c25-448b-9ff4-504e429dc1bf)]","source":"MITRE","associated_software_id":"e85ca2c7-0bfc-4a70-b696-a7ccf0867ac0","owner_id":null,"owner_name":null}],"groups":[{"description":"[[VMWare 8Base June 28 2023](/references/573e9520-6181-4535-9ed3-2338688a8e9f)][[Acronis 8Base July 17 2023](/references/c9822477-1578-4068-9882-41e4d6eaee3f)]","group_attack_id":"G3014","group_id":"00b45c13-d165-44d0-ad6b-99787d2a7ce3","name":"8Base Ransomware 
Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Google Cybercrime Report February 11 2025](/references/17685d5c-4255-445e-a546-e0dfb92378c2)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8803dd07-6802-45dc-9d2a-9f6cd963d6b0","tag":"85ca9835-fc2b-4f81-b69d-21ebb040dc3e"},{"id":"61cb01ca-2e61-4fd3-ba1a-ac476094c0e0","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"61ce7a82-4645-4853-9d3b-ef9d506c6847","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"8a3c757f-465d-4e02-871b-9f18b97bc043","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"0122a095-3e70-4f84-a5d6-82f4e9e5862c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d1e6e188-44bb-4084-bbc1-e587ede74f81","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"edd8f7bd-012e-428f-9ab8-2f02e7563d70","name":"Snaffler","type":"tool","source":"Tidal Cyber","software_attack_id":"S3495","tidal_id":"b08d4106-37d5-5fd0-8dc6-76c58357cab1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"6d3ee5d9-94a8-4d37-bf52-a49a3ae3832d","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"bf36fdcc-1222-4c71-a3c4-5411ff7668d2","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"0bad74c0-b0b9-40e2-8408-f9fde33ae6a6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5836abed-81a6-43da-8638-30b8ce937467","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"84a5fd07-5fd7-569f-98bf-6fdaa58bdc99","name":"SnappyTCP","type":"malware","source":"MITRE","software_attack_id":"S1163","tidal_id":"84a5fd07-5fd7-569f-98bf-6fdaa58bdc99","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[Sea Turtle](https://app.tidalcyber.com/groups/a511f4e7-9a04-5f37-a599-0d0eee85cfec) used [SnappyTCP](https://app.tidalcyber.com/software/84a5fd07-5fd7-569f-98bf-6fdaa58bdc99) following initial access in intrusions from 2021 to 2023.[[PWC Sea Turtle 2023](https://app.tidalcyber.com/references/b018a875-559a-5998-b50a-b87b19cb3807)]","group_attack_id":"G1041","group_id":"a511f4e7-9a04-5f37-a599-0d0eee85cfec","name":"Sea Turtle","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d6674c55-da2b-453f-91a7-5882d0ed4384","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"f587dc27-92be-5894-a4a8-d6c8bbcf8ede","name":"Snip3","type":"malware","source":"MITRE","software_attack_id":"S1086","tidal_id":"8a85295b-c9ca-5d24-a47b-110f1d25dcd6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)][[Morphisec Snip3 May 
2021](https://app.tidalcyber.com/references/abe44c50-8347-5c98-8b04-d41afbe59d4c)]","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d6c24f7c-fe79-4094-8f3c-68c4446ae4c7","name":"SNUGRIDE","type":"malware","source":"MITRE","software_attack_id":"S0159","tidal_id":"3da4112f-cfa4-5c6c-8853-86678f575385","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT10 April 2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ab84f259-9b9a-51d8-a68a-2bcd7512d760","name":"SocGholish","type":"malware","source":"MITRE","software_attack_id":"S1124","tidal_id":"35a578ab-166e-5ca5-9172-321a460738cc","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"38eeb191-e2ed-5094-b390-fcfd98f68f88","name":"FakeUpdates","description":"[[Red Canary SocGholish March 2024](https://app.tidalcyber.com/references/70fa26e4-109c-5a48-b9fd-ac8b9acf2cf3)]","source":"MITRE","associated_software_id":"8196092d-7509-42c8-8bbf-75f1fa888f21","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)][[Secureworks Gold Prelude Profile](https://app.tidalcyber.com/references/b16ae37d-5244-5c1e-92a9-e494b5a9ef49)][[SocGholish-update](https://app.tidalcyber.com/references/01d9c3ba-29e2-5090-b399-0e7adf50a6b9)]","group_attack_id":"G1020","group_id":"0898e7cb-118e-5eeb-b856-04e56ed18182","name":"Mustard 
Tempest","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f3ff7ef6-3ff1-41fe-816c-5f80509990f1","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"c1906bb6-0b5b-4916-8b29-37f7e272f6b3","name":"Socksbot","type":"malware","source":"MITRE","software_attack_id":"S0273","tidal_id":"99feeb27-77d2-5f1c-a62b-6f634d844b21","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"6ecd970c-427b-4421-a831-69f46047d22a","name":"SodaMaster","type":"malware","source":"MITRE","software_attack_id":"S0627","tidal_id":"c5c2e1b9-eb4e-50e0-a9d3-6c33d2a00739","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3d4324f4-ea93-49d7-b95f-b5c690d78456","name":"DARKTOWN","description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","source":"MITRE","associated_software_id":"c1e3a23a-0680-4742-80ba-ae402c94ce02","owner_id":null,"owner_name":null},{"id":"bf3db8b9-4dc0-497b-8b02-729b1e900d85","name":"dfls","description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","source":"MITRE","associated_software_id":"d5ae171f-4dcc-43b5-929f-eaa010c6721a","owner_id":null,"owner_name":null},{"id":"cef3602e-3b6c-47eb-9288-11f015690e71","name":"DelfsCake","description":"[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","source":"MITRE","associated_software_id":"59a29c95-59db-4106-aef4-704fcb723be6","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Securelist APT10 March 
2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"06288485-2e0f-48d8-95c5-a6486e447580","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"46a9ee9c-6c4a-4db9-9385-46d2617d8050","name":"SoftEther VPN","type":"tool","source":"Tidal Cyber","software_attack_id":"S3071","tidal_id":"fcbeb8db-8e03-5c4a-9aa7-ef0bdd9cd85a","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog July 14 2023](/references/a9cf756b-8157-4cc4-bdab-b10f320487df)]","group_attack_id":"G3064","group_id":"5a7121d1-1699-4878-afe3-b643b639fdf2","name":"Antique Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]","group_attack_id":"G3083","group_id":"3444e9ed-d79a-4c53-90a2-a3bd2fcc3f7c","name":"PLUMP SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"0035dc44-e08a-4d0c-b6c2-001d64a82022","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2c08a9d2-1984-43f5-be7f-1960cce4fdf7","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"7f2c652d-2ef4-47b6-9eb8-282666ff33fa","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4272447f-8803-4947-b66f-051eecdd3385","name":"SoftPerfect Network Scanner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3045","tidal_id":"823bc25d-a31e-5526-877e-de85dde946c0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"aac3a856-9879-4958-b4ab-360ae366d077","name":"netscan.exe","description":"[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]","source":"Tidal Cyber","associated_software_id":"45421c64-2f28-47fa-998d-7d4a79f99c9e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"623ef98a-2f73-4c0a-95c8-3d29a899933b","name":"NetScan","description":"[[SoftPerfect Network Scanner Product Page](/references/c9c3251d-1852-4b33-80f9-6e321a05cc30)]","source":"Tidal Cyber","associated_software_id":"8cd048e0-9c03-4a6d-8c1a-e34a9bff5f36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Akira April 18 2024](/references/2e8cf25e-1c06-4f14-a6aa-cb7b876ad5be)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft BlackByte 2023](/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce 
Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"fb659897-b5f6-4d7d-b2f9-b3a3a36fe674","tag":"ac469e6e-92f0-4fd6-898f-95656b663caf"},{"id":"3c20d2d5-0e25-4665-a49a-025f685e515d","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"5b1cd036-7dfa-468e-80f5-b52693724240","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a39fb77c-a041-41c8-9a1c-c5eb54de85ec","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"c19d5aa6-55b3-4728-848e-95b064ad32e2","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"d8520936-e18b-41d5-8546-3b9e7cf0ff20","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"17fc0c72-6551-4511-8d53-ee265ede12d2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c2f5f036-410d-4421-8eaa-4319366c7821","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"efa6d760-7300-4dad-a1f3-6d46639133ab","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"40001afc-2370-4575-8dfd-246447a35479","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"537ca44a-5ec3-46a6-a938-47b2a551fc1b","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"4d8f331d-4113-41c9-92ca-855be3f29c38","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"e3133269-8773-4171-97f4-c7234e1c8b69","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"5206f977-36a3-4a12-8437-b03d1449d743","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"e790c0b8-b0e1-4a72-9a18-4d5ddd1b4615","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"40993dee-84d2-49cc-bc24-b89a49d55594","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"6b3cfb67-695b-4405-843b-6ec6ffaa2378","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"65c02049-93d4-4ba9-815b-7a6cd8c21aa4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d168da01-86ca-5392-80fb-4488b41ea704","name":"Solar","type":"malware","source":"MITRE","software_attack_id":"S1166","tidal_id":"d168da01-86ca-5392-80fb-4488b41ea704","platforms":[{"id":"196f9bd6
-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig Campaigns Sep 2023](https://app.tidalcyber.com/references/799db594-6a65-5b80-9d64-c530fadbd9ae)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d0946927-d225-4119-9cae-eba73b866472","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"07a94239-bdde-42e7-ba9c-a1d0c81e0c3b","name":"Solar (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3161","tidal_id":"4fafdaad-3f72-5c34-95d8-db9f8f4630a4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"ae0f5868-d884-405a-84e4-db2129bef0a3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"4c0d2840-8159-4c96-aba4-57c3948150f7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0b9b2b31-f492-448b-97b6-90bfb9f3597c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0ec24158-d5d7-4d2e-b5a5-bc862328a317","name":"SombRAT","type":"malware","source":"MITRE","software_attack_id":"S0615","tidal_id":"5078feb3-4910-520b-9c0e-63de2be2b8ab","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"a9daa6d7-3c7f-4822-b19e-e03a41d4b4bc","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"3e959586-14ff-407b-a0d0-4e9580546f3f","name":"SoreFang","type":"malware","source":"MITRE","software_attack_id":"S0516","tidal_id":"b199e906-f3c8-5827-8a77-a0e88b6c644f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[NCSC APT29 July 2020](https://app.tidalcyber.com/references/28da86a6-4ca1-4bb4-a401-d4aa469c0034)][[CISA SoreFang July 2016](https://app.tidalcyber.com/references/a87db09c-cadc-48fd-9634-8dd44bbd9009)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"901c0df4-d338-437f-b776-df1507024c8c","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"069538a5-3cb8-4eb4-9fbb-83867bb4d826","name":"SOUNDBITE","type":"malware","source":"MITRE","software_attack_id":"S0157","tidal_id":"c2f0ba0c-d829-5c81-8b58-618e9c53888c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT32 May 
2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"0f8d0a73-9cd3-475a-b31b-d457278c921a","name":"SPACESHIP","type":"malware","source":"MITRE","software_attack_id":"S0035","tidal_id":"9ff0e3c9-d3c9-5fd7-a76f-fbad8d8b91b7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]","group_attack_id":"G0013","group_id":"be45ff95-6c74-4000-bc39-63044673d82f","name":"APT30","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"93f8c180-6794-4e9c-b716-6b31f42eb72d","name":"Spark","type":"malware","source":"MITRE","software_attack_id":"S0543","tidal_id":"96da00d6-9d0a-5685-8b22-0b09feeb6fc6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Unit42 Molerat Mar 2020](https://app.tidalcyber.com/references/328f1c87-c9dc-42d8-bb33-a17ad4d7f57e)] [[Cybereason Molerats Dec 2020](https://app.tidalcyber.com/references/81a10a4b-c66f-4526-882c-184436807e1d)]","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"02465438-b146-4ed1-81dc-ee1e8fd44561","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d0ef47fd-bd66-4ece-ab53-67b32de8e016","name":"SparkGateway","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3402","tidal_id":"f08f96bd-1021-53ab-96b5-20b4ecca684e","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"5dd68837-4c22-4677-88f5-cd4d2f444631","name":"SparrowDoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3406","tidal_id":"131c41bd-57b4-58ec-ae59-73aa7a919506","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)]","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)]","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"6ff4cada-0086-41e4-9a08-71ad18c95917","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"8a317df6-2da1-4831-a5e9-edc39fe1892c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1fecbae7-08da-45b1-9dbc-d170044d680f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b9b67878-4eb1-4a0b-9b36-a798881ed566","name":"SpeakUp","type":"malware","source":"MITRE","software_attack_id":"S0374","tidal_id":"a31f7d46-cf95-5877-bc77-d5db97a06f5f","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"25c85bfb-3833-4c57-867a-b7d9ff6c5a40","name":"Spearal","type":"malware","source":"Tidal Cyber","software_attack_id":"S3183","tidal_id":"0f937cf6-8ef8-5654-8c37-29d787b40056","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Check Point Research September 11 2024](/references/53320d81-4060-4414-b5b8-21d09362bc44)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1bf8cf34-7e2f-4f11-af9c-b288c0728e26","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"48d301c8-d971-4b56-89cd-dacca52db77b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cc2ea00b-fe16-4224-a36d-2cdbcdadb1ff","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"89e2bdbf-4839-4b35-bd19-316a953d7acf","name":"SpectralBlur","type":"malware","source":"Tidal Cyber","software_attack_id":"S3124","tidal_id":"c3f9e7b7-945b-5fdf-ac96-e301795e922e","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"[[Objective_See 1 4 
2024](/references/c96535be-4859-4ae3-9ba0-d482f1195863)]","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f77cf905-eeb9-4d82-9286-072913fe4aab","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"324493b2-c510-47ef-be99-fd449548284c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"582c1a9e-1016-4c8c-9e3d-c511a1c7b951","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cdbebd0a-3036-4a24-b1d5-a3f0ca9c758e","name":"Sphynx","type":"malware","source":"Tidal Cyber","software_attack_id":"S3078","tidal_id":"7c419c22-6822-5362-922b-44577bd5f043","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[X-Force BlackCat May 30 2023](/references/b80c1f70-9d05-4f4b-bdc2-6157c6837202)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"7b6c5abd-3686-4be6-a075-a727fbf34162","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"71d4520c-26d5-42c3-8fc3-b6892d125d6b","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"d64101f3-a31c-4176-9ded-ec7980765244","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"8a85fe96-fd08-55d1-ac4c-52d545b43bd1","name":"Spica","type":"malware","source":"MITRE","software_attack_id":"S1140","tidal_id":"8a85fe96-fd08-55d1-ac4c-52d545b43bd1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Google TAG COLDRIVER January 
2024](https://app.tidalcyber.com/references/cff26ad8-b8dc-557d-9751-530f7ebfaa02)]","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star Blizzard","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bd525e2a-89f1-4f5f-95d8-797a6e403f75","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"2be9e22d-0af8-46f5-b30e-b3712ccf716d","name":"SpicyOmelette","type":"malware","source":"MITRE","software_attack_id":"S0646","tidal_id":"b6d86cfd-4689-555e-8ac8-6b6e5c7b96c8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Secureworks GOLD KINGSWOOD September 2018](https://app.tidalcyber.com/references/cda529b2-e152-4ff0-a6b3-d0305b09fef9)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"639b17df-2c21-4702-aa21-d1d053f58934","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ecf8b878-19e5-425b-bc34-d5ed6e999fea","name":"Splashtop","type":"tool","source":"Tidal Cyber","software_attack_id":"S3046","tidal_id":"088e810a-2c4e-536d-bc08-42e8c8f75289","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"13a6912b-5f12-4e1b-805d-828fdbc049e6","name":"Splashtop Streamer","description":"","source":"Tidal Cyber","associated_software_id":"04aa2e49-be3f-4fbe-970f-a79c8a1f0463","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Sophos X-Ops Tweet September 13 2023](/references/98af96a6-98bb-4d81-bb0c-a550e765e6ac)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"45cbd136-9954-4f70-8849-6bdd3f4c50a5","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"a98b136a-7947-4b02-b0cc-d6c0e9250fde","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"bff88c5d-eff3-4b03-92e9-6f10233c056a","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"1c823eb3-bdec-4239-aec0-37e619f38c3d","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"88ce8e6c-8fff-482d-beae-00a137e34b65","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"1549ebd9-83c7-49ee-8c8e-f9961755c454","tag":"9bc47297-864d-4f39-be37-ad9379102853"},{"id":"5967df06-cf8e-46a9-a5cb-be41b932e0df","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8feaf310-f86e-4e3b-bd39-9fe5c64a4853","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"68d52c07-4334-4b2d-b85c-b4ab378d9c91","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"d410e19c-0f80-48eb-b85d-88210299d42e","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"88c45844-7629-4fcc-a4e7-3f96b7ef66c0","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f18cdb21-db02-40e9-bc20-b70e3289435a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"13303649-0ffe-4717-b935-8411160ebcef","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a53fa3fe-05d2-47ea-9bca-c740d1d9ca39","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"6b09e5b0-9fe7-4ad5-bb7b-29d0c3b20e49","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"9a20c7f3-4e17-4a79-994a-c577afef5c72","name":"SplitLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3137","tidal_id":"4653802f-4e25-52b9-97c5-58f54394d6a3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog 5 28 2024](/references/faf315ed-71f7-4e29-8334-701da35a69ad)]","group_attack_id":"G1036","group_id":"33a5fa48-89ee-5c0b-9c9c-e0ee69032fca","name":"Moonstone 
Sleet","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a9bcfa8d-71b5-468c-8c74-129d8a4de14f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fb5f7333-58c8-4382-a58a-ff722620db2b","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"47f61974-e16e-4cd1-a2da-f1a6d2679d81","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"03e4d22a-83f5-46d9-9d40-d9c58a65d2cb","name":"SpnDump","type":"tool","source":"Tidal Cyber","software_attack_id":"S3438","tidal_id":"0e7d2f5f-201c-58ee-9308-afffdb43172b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"03fad3af-308d-4a21-835c-65a3ea62cad6","name":"SpnDump.exe","description":"[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","source":"Tidal Cyber","associated_software_id":"61ef54ac-3692-4ed1-b2ec-3bb86aafb6a4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"16cf9e0d-bc0a-486b-8e5d-e92f9b57e70e","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"53faee61-9d7b-4f09-b9db-0b89b4df72d9","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"6c06d5c8-5515-40c1-af37-4c027c062340","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"e4d20f01-92d4-4ba4-9c1a-2ef810f1fb02","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"1caa73a6-fabc-487b-8b77-59f73ce0ccc2","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"0fdabff3-d996-493c-af67-f3ac02e4b00b","name":"spwebmember","type":"tool","source":"MITRE","software_attack_id":"S0227","tidal_id":"b94723a2-7ec0-5f10-9425-4ee8d92ad998","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"eb22a331-3586-4baa-b17c-b31548786700","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"74af937d-83a5-446e-aee9-84281d508577","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"146bd853-166b-4859-b4d7-b70f51bfd8e9","name":"Sqldumper","type":"tool","source":"Tidal Cyber","software_attack_id":"S3356","tidal_id":"411197de-c437-5cb9-8884-091aa12d9b62","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"11508d6e-6991-444d-81cd-a7e8f2fbd4ee","name":"Sqldumper.exe","description":"[[Sqldumper.exe - LOLBAS 
Project](/references/793d6262-37af-46e1-a6b5-a5262f4a749d)]","source":"Tidal Cyber","associated_software_id":"1931b352-fd83-4da0-ad18-747ffdd69f67","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"678634f0-ce3b-4e19-8a5c-f8405d6924bd","tag":"e992169d-832d-44e9-8218-0f4ab0ff72b4"},{"id":"13d450d7-6d28-418d-98af-cc098917ff1b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"db54ee5a-a787-4648-9301-5d09c09dd98b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"96c224a6-6ca4-4ac1-9990-d863ec5a317a","name":"sqlmap","type":"tool","source":"MITRE","software_attack_id":"S0225","tidal_id":"e964a62a-4731-5dfa-a2cb-27bd9e71569b","platforms":[],"associated_software":[],"groups":[{"description":"[[Rostovcev APT41 2021](https://app.tidalcyber.com/references/b6e7fb29-7935-5454-8fb2-37585c46324a)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Check Point Rocket Kitten](https://app.tidalcyber.com/references/71da7d4c-f1f8-4f5c-a609-78a414851baf)]","group_attack_id":"G0130","group_id":"e38bcb42-12c1-4202-a794-ec26cd830caa","name":"Ajax Security Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"de460f21-cb9d-4b36-8cf2-fc0337a020ba","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"5b3c03d3-9ea1-4322-a422-ab2401ffc294","name":"Sqlps","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3357","tidal_id":"d973f54b-7f53-5924-96ca-15c269847f84","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6826a73c-1aed-4dc5-b6db-8ba5c30c5ff7","name":"Sqlps.exe","description":"[[Sqlps.exe - LOLBAS Project](/references/31cc851a-c536-4cef-9391-d3c7d3eab64f)]","source":"Tidal Cyber","associated_software_id":"152e2ba8-bf02-42f4-abad-3205d6e8e4aa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5b4f2ba9-d587-4fec-a3db-990e17421caf","tag":"da7e88fd-2d71-4928-81ce-e3d455b3d418"},{"id":"ed6e9214-d106-48f2-afe3-17483a6fa753","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"228077c1-5eb4-4df2-9f1e-9eb4840eeeb1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"612f780a-239a-4bd0-a29f-63beadf3ed22","name":"SQLRat","type":"malware","source":"MITRE","software_attack_id":"S0390","tidal_id":"9ae292b8-4b12-56b9-8fe4-616fac5b7570","platforms":[],"associated_software":[],"groups":[{"description":"[[Flashpoint FIN 7 March 2019](https://app.tidalcyber.com/references/b09453a3-c0df-4e96-b399-e7b34e068e9d)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c26a7c29-2896-48d4-874a-822f3d35c7f4","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"9271e5cf-f788-4d7d-9c7a-8d5e37cbb9a6","name":"SQLToolsPS","type":"tool","source":"Tidal Cyber","software_attack_id":"S3358","tidal_id":"e9306713-1686-538b-90b7-79d4f9f3d6cb","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ca40ccd1-095f-4fc3-8ba6-fd9a402d82ba","name":"SQLToolsPS.exe","description":"[[SQLToolsPS.exe - LOLBAS Project](/references/612c9569-80af-48d2-a853-0f6e3f55aa50)]","source":"Tidal 
Cyber","associated_software_id":"3c46936b-f9c4-4a3a-bea7-ca48f4a0660b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"78f398ba-d891-4fbd-b6ff-566ce9d1566b","tag":"f4867256-402a-4bcb-97d3-e071ee0993c1"},{"id":"f65db025-950a-4649-9821-bcaf4a85a690","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"4feaa5a8-a108-4b7c-804a-b4ce6be58337","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"13d5d060-8462-4592-8efb-2243fd2138d1","name":"Squirrel","type":"tool","source":"Tidal Cyber","software_attack_id":"S3359","tidal_id":"32430c40-6356-539c-9779-6bd7080a69ab","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0e821c02-47ec-4d22-9bfa-a02e48cb829f","name":"Squirrel.exe","description":"[[Squirrel.exe - LOLBAS Project](/references/952b5ca5-1251-4e27-bd30-5d55d7d2da5e)]","source":"Tidal Cyber","associated_software_id":"6a3de9d5-16e9-4467-b916-d4adeff389e1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5b8584f0-5ddd-4fc4-b339-5a344905b83a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"408b5777-0834-4b18-81b6-1742487b41e0","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"46943a69-0b19-4d3a-b2a3-1302e85239a3","name":"Squirrelwaffle","type":"malware","source":"MITRE","software_attack_id":"S1030","tidal_id":"c32e1b26-42e3-53ad-87c9-5e52f9b074f3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"13dbada0-2372-4f84-8fa2-0617ef75b2c7","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"142e579d-6bad-43bb-974f-a26805f7bd45","name":"SRWare Iron Browser","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3428","tidal_id":"79b9e49a-b399-532c-bace-28bfdf508cb9","platforms":[],"associated_software":[{"id":"64113dc3-8329-4d33-b426-b12a44e75b7b","name":"Iron Browser","description":"","source":"Trellix TIG","associated_software_id":"55ffa4c3-64f9-4468-bb3f-431efaa6056f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3004","group_id":"5e12e91a-8a8a-4966-8b56-83a152091094","name":"Automated Libra","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"7b607493-5035-4e29-9f95-55362f53b805","name":"ssh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3285","tidal_id":"7973e6b7-c49d-5339-830f-d786f1d1490a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8966a031-1ff0-42a6-9b32-bb818a83a23f","name":"ssh.exe","description":"[[ssh.exe - LOLBAS Project](/references/b1a9af1c-0cfc-4e8a-88ac-7d33cddc26a1)]","source":"Tidal Cyber","associated_software_id":"fa490d4d-26e4-4bb5-97b0-7bf89a8a99ed","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. 
CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"ecf5f840-d930-4048-8376-0f03b8b17676","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"c0fa8672-7b6e-4741-aadf-76bfa3f52237","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f215c213-d1f3-4da0-8d07-63bb58987745","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"99704d92-a309-4fc8-bf43-b72e95e15d02","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"62a1cb5f-d749-46e0-b2a6-5bf8e2d0eb1a","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"b61a270f-107c-4978-b567-ea011396e68d","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a0e52a27-f59d-4a8f-aa20-e830e4c56b17","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"31c9b3d7-76b1-4f83-9318-550058d71804","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"69d19f59-8214-418d-9b82-cd81e266e48c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"209b89e3-8fdb-41aa-86a3-ab5688abf99f","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"6ee37d0c-f479-45ff-a8e1-882cbde01855","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"29690ae1-36cf-4049-bc73-df359ce6f95d","tag":"64a55f86-15db-4599-b165-81be7f024397"},{"id":"362a7675-f689-434f-8c8e-5fdc2f669ec9","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"686e7790-a83b-41cd-ab86-5c0dea36a458","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b85339c5-c1cc-4e31-b0fa-38d364fea1aa","name":"Sshdinjector","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3426","tidal_id":"396144b4-455f-5e68-aae0-01d6c9d06fa0","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"a831c07b-2a5c-4c5a-86c6-991d17357b0b","name":"SSHD Injector","description":"","source":"Tidal Cyber","associated_software_id":"fdc8afbd-c024-4a88-adbd-6fd8a970364e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Fortinet Blog February 4 2025](/references/11e51dbf-b982-462c-b19e-f8c48a66ca70)]","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"69413aa1-91a3-487b-b14f-8db655010ee4","tag":"f2ae2283-f94d-4f8f-bbde-43f2bed66c55"},{"id":"21ee3485-95e8-4d04-88ba-caca5d4fddbf","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"a8012312-1a15-413f-8648-9b24348f1cf0","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"82d42410-6d45-4c0b-8149-3668e29394f6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"19b83c09-ca17-427d-8556-1e88209b78ad","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3334a124-3e74-4a90-8ed1-55eea3274b19","name":"SslMM","type":"malware","source":"MITRE","software_attack_id":"S0058","tidal_id":"dcb8cf64-e63e-5191-961d-3863d953544f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Baumgartner Naikon 
2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)][[CameraShy](https://app.tidalcyber.com/references/9942b6a5-6ffb-4a26-9392-6c8bb9954997)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"fc18e220-2200-4d70-a426-0700ba14c4c0","name":"Starloader","type":"malware","source":"MITRE","software_attack_id":"S0188","tidal_id":"da814305-963c-5c94-a9b1-4d93fcb8c5f1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Sowbug Nov 2017](https://app.tidalcyber.com/references/14f49074-fc46-45d3-bf7e-30c896c39c07)]","group_attack_id":"G0054","group_id":"6632f07f-7c6b-4d12-8544-82edc6a7a577","name":"Sowbug","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"764c6121-2d15-4a10-ac53-b1c431dc8b47","name":"STARWHALE","type":"malware","source":"MITRE","software_attack_id":"S1037","tidal_id":"c9c2f3fe-4cb0-59ec-90c1-fd375f5abd95","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8e28032c-1c65-449d-bb5a-172fa6a84428","name":"CANOPY","description":"[[DHS CISA AA22-055A MuddyWater February 2022](https://app.tidalcyber.com/references/e76570e1-43ab-4819-80bc-895ede67a205)]","source":"MITRE","associated_software_id":"38298e66-6bbb-4ecf-b287-ccd3e47c6cd4","owner_id":null,"owner_name":null}],"groups":[{"description":"[[DHS CISA AA22-055A MuddyWater February 
2022](https://app.tidalcyber.com/references/e76570e1-43ab-4819-80bc-895ede67a205)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bd328b08-8034-463c-b21f-191940776d44","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ea561f0b-b891-5735-aa99-97cc8818fbef","name":"STEADYPULSE","type":"malware","source":"MITRE","software_attack_id":"S1112","tidal_id":"82ef30d9-0472-56d1-b002-67270321d059","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"e81eb49a-1230-5fef-b55f-15046138705b","name":"StealBit","type":"malware","source":"MITRE","software_attack_id":"S1200","tidal_id":"e81eb49a-1230-5fef-b55f-15046138705b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"68071150-5fbd-4548-b628-f460001c3b71","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"7ae6b9f0-3a50-4ebc-ae2c-9569f00dbd81","name":"Stealc","type":"malware","source":"Tidal Cyber","software_attack_id":"S3060","tidal_id":"76d1d079-71d0-59c0-b9e8-d8c47320225c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"108b1dca-5a02-4360-a79c-aa3c896bd81a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"35a00a65-d889-4035-a4a8-1462eba461b8","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"39b6a948-3671-4cdb-a02c-8530ab049ff9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"39aaa970-8c33-4fd3-a7f0-4b769f301460","name":"STEALDEAL","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3019","tidal_id":"c56e7a9b-de3f-53da-a21f-e8338cb67d68","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"58bafd1d-91ca-47e1-a80d-767d09b06b8c","name":"SneakyStealer","description":"","source":"Tidal Cyber","associated_software_id":"1399bdd2-4bc6-4a71-8bef-67c6c9b83925","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Trend Micro Void Rabisu May 30 2023](/references/5fd628ca-f366-4f0d-b493-8be19fa4dd4e)]","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"618dd527-952a-41a4-85be-daabf3da03aa","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"35991c88-f214-418c-b594-a09241f0886b","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"3b70657d-872c-4699-8b7e-d56ea4b44ce4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9eee52a2-5ac1-4561-826c-23ec7fbc7876","name":"StoneDrill","type":"malware","source":"MITRE","software_attack_id":"S0380","tidal_id":"08b290a8-7f12-5dd3-94e1-e085f45489b5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7b763f9c-e0ea-4437-b880-19e4332173a3","name":"DROPSHOT","description":"[[FireEye APT33 Sept 2017](https://app.tidalcyber.com/references/70610469-db0d-45ab-a790-6e56309a39ec)]","source":"MITRE","associated_software_id":"ab440fcd-bee3-42f5-a4a9-7edfd5c3992c","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye APT33 Sept 
2017](https://app.tidalcyber.com/references/70610469-db0d-45ab-a790-6e56309a39ec)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9bff239a-1def-4aeb-87a6-4a31a6a51206","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"9bfeb8a3-5a5e-4e66-acfd-0b84d74e0e0d","name":"STONESTOP","type":"malware","source":"Tidal Cyber","software_attack_id":"S3152","tidal_id":"ba66d3c1-b265-5d8c-9ce6-f5fa3dd607c4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"1b5dd4b2-625c-43b4-8381-4ea73c41b424","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"f4f97f1c-531c-4533-876a-3b93e46ba1af","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"df518f15-ad32-4457-b3ef-070f5cf56992","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7430c53f-41a0-4395-88c7-fc2c34ee52c7","name":"Stordiag","type":"tool","source":"Tidal Cyber","software_attack_id":"S3286","tidal_id":"33d30ea3-9f88-5bc2-aa83-4d857a8c5e7d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"18977de8-2103-4da3-8de1-9d6dd7641648","name":"Stordiag.exe","description":"[[Stordiag.exe - LOLBAS Project](/references/5e52a211-7ef6-42bd-93a1-5902f5e1c2ea)]","source":"Tidal 
Cyber","associated_software_id":"e93f9136-4ef0-4b23-85bd-93f2b56b2316","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"bcd794d7-1128-456e-8bc5-a8d91fd6ee33","tag":"f0e3d6ea-d7ea-4d73-b868-1076fac744a8"},{"id":"62ef2c76-265a-4b6a-9ee9-a4dc1cfe992b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"0c578c71-979b-498a-bc2e-dee1ecf7a6a6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"502b490c-2067-40a4-8f73-7245d7910851","name":"StreamEx","type":"malware","source":"MITRE","software_attack_id":"S0142","tidal_id":"8f18d221-dd0b-58e1-b967-16b891a45640","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cylance Shell Crew Feb 2017](https://app.tidalcyber.com/references/c0fe5d29-838b-4e91-bd33-59ab3dbcfbc3)]","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"65db3cca-2bc8-5e18-bca4-af230a0b220a","name":"StrelaStealer","type":"malware","source":"MITRE","software_attack_id":"S1183","tidal_id":"65db3cca-2bc8-5e18-bca4-af230a0b220a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"bd6d3b67-dfd9-4d36-b9c4-b553d6b41dfb","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"dd8bb0a3-6cb1-412d-adeb-cbaae98462a9","name":"StrifeWater","type":"malware","source":"MITRE","software_attack_id":"S1034","tidal_id":"79047bdb-280a-5f61-bacd-227715759391","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason StrifeWater Feb 2022](https://app.tidalcyber.com/references/30c911b2-9a5e-4510-a78c-c65e84398c7e)]","group_attack_id":"G1009","group_id":"a41725c5-eb3a-4772-8d1e-17c3bbade79c","name":"Moses 
Staff","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e24cfba8-7b9c-42e9-9b3b-d8dbc830344a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ed563524-235e-4e06-8c69-3f9d8ddbfd8a","name":"StrongPity","type":"malware","source":"MITRE","software_attack_id":"S0491","tidal_id":"e3a69d90-6d66-5270-9578-6ab0d70286a2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Bitdefender StrongPity June 2020](https://app.tidalcyber.com/references/7d2e20f2-20ba-4d51-9495-034c07be41a8)][[Talos Promethium June 2020](https://app.tidalcyber.com/references/188d990e-f0be-40f2-90f3-913dfe687d27)]","group_attack_id":"G0056","group_id":"cc798766-8662-4b55-8536-6d057fbc58f0","name":"PROMETHIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3fdf3833-fca9-4414-8d2e-779dabc4ee31","name":"Stuxnet","type":"malware","source":"MITRE","software_attack_id":"S0603","tidal_id":"19a2edf0-39ff-5dcc-8e9d-bee6f05ba80b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"18e5b628-d583-4260-8ae4-64a744f9dcfc","name":"W32.Stuxnet","description":"[[Nicolas Falliere, Liam O Murchu, Eric Chien February 2011](https://app.tidalcyber.com/references/a1b371c2-b2b1-5780-95c8-11f8c616dcf3)] 
","source":"MITRE","associated_software_id":"7948eb8a-e138-4365-81c4-aac07e632912","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"5012a303-b5d1-4b72-9500-255db7639058","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"79288ea0-13a2-4f89-8d33-2372abf76869","tag":"a98d7a43-f227-478e-81de-e7299639a355"}],"owner_name":null},{"id":"b19b6c38-d38b-46f2-a535-d0bfc5790368","name":"S-Type","type":"malware","source":"MITRE","software_attack_id":"S0085","tidal_id":"26c34ee2-2375-52d8-8307-aae83e4322c5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"6ff7bf2e-286c-4b1b-92a0-1e5322870c59","name":"SUGARDUMP","type":"malware","source":"MITRE","software_attack_id":"S1042","tidal_id":"8e5a384b-9b90-59bf-a71f-c3529cee2c8a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"004c781a-3d7d-446b-9677-a042c8f6566e","name":"SUGARUSH","type":"malware","source":"MITRE","software_attack_id":"S1049","tidal_id":"471de640-9a11-5be3-93bb-0725c91d62b2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"6b04e98e-c541-4958-a8a5-d433e575ce78","name":"SUNBURST","type":"malware","source":"MITRE","software_attack_id":"S0559","tidal_id":"e7ed9627-f184-5922-a45c-0d5ab56d4628","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1b98b321-5262-4da9-bb56-4bca5dbe4a18","name":"Solorigate","description":"[[Microsoft Deep Dive Solorigate January 2021](https://app.tidalcyber.com/references/ddd70eef-ab94-45a9-af43-c396c9e3fbc6)]","source":"MITRE","associated_software_id":"a38c6f81-a115-4f16-bcba-7d8c163d4f08","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye SUNBURST Backdoor December 
2020](https://app.tidalcyber.com/references/d006ed03-a8af-4887-9356-3481d81d43e4)][[MSTIC NOBELIUM May 2021](https://app.tidalcyber.com/references/047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d)][[Secureworks IRON RITUAL Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"939b80be-d7f1-4be2-abaf-736abb43c3bb","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"66966a12-3db3-4e43-a7e8-6c6836ccd8fe","name":"SUNSPOT","type":"malware","source":"MITRE","software_attack_id":"S0562","tidal_id":"58826389-2ec1-597a-b50e-b7567303c4d3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CrowdStrike SUNSPOT Implant January 2021](https://app.tidalcyber.com/references/3a7b71cf-961a-4f63-84a8-31b43b18fb95)][[MSTIC Nobelium Toolset May 
2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"97be0ca0-b55b-4b30-a093-b090de43e045","tag":"f2ae2283-f94d-4f8f-bbde-43f2bed66c55"},{"id":"930892b3-ddbc-4948-9280-9320d3a4ccc0","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f02abaee-237b-4891-bb5d-30ca86dfc2c8","name":"SUPERNOVA","type":"malware","source":"MITRE","software_attack_id":"S0578","tidal_id":"6c974e96-5e6f-5e00-80dc-894b600271aa","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"a8110f81-5ee9-5819-91ce-3a57aa330dcb","name":"SVCReady","type":"malware","source":"MITRE","software_attack_id":"S1064","tidal_id":"b5836f39-46a0-5002-9b93-29ef00e02ff8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"af45aa4c-10a2-4203-9ace-7dd766126824","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"ae749f9c-cf46-42ce-b0b8-f0be8660e3f3","name":"Sykipot","type":"malware","source":"MITRE","software_attack_id":"S0018","tidal_id":"d3f18101-0b03-5225-b3a7-644e8dfb12b4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"19ae8345-745e-4872-8a29-d56c8800d626","name":"SynAck","type":"malware","source":"MITRE","software_attack_id":"S0242","tidal_id":"ac709f3b-f6e7-50f4-975a-6189530a8c60","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"07a1be9a-de88-4e48-8172-07f97276a2e3","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"969038ea-1cde-4f30-aa55-d64404b6dfca","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"6af0eac2-c
35f-4569-ae09-47f1ca846961","name":"Syncappvpublishingserver","type":"tool","source":"Tidal Cyber","software_attack_id":"S3382","tidal_id":"4b35ebfa-6543-5069-8a93-2fc39547c2b3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"daea197b-7684-450f-93f8-b60a0284469d","name":"Syncappvpublishingserver.vbs","description":"[[Syncappvpublishingserver.vbs - LOLBAS Project](/references/adb09226-894c-4874-a2e3-fb2c6de30173)]","source":"Tidal Cyber","associated_software_id":"815e5fef-a5fc-4c84-94d1-c57c2f9991e1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dce3e3ce-54e2-41c8-97e9-c87d5b4c6bd6","tag":"9e504206-7a84-40a5-b896-8995d82e3586"},{"id":"5476f527-35eb-4ea8-b993-9791c739031a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b3e4b8ff-6e95-42ce-b38b-cde865802134","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f2928533-34e1-4599-a3ec-c8b4ef9d81b4","name":"SyncAppvPublishingServer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3287","tidal_id":"70eafa0b-7481-597f-bde2-e144c793cad5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9bd61023-e8f9-450b-9d23-299d756f3418","name":"SyncAppvPublishingServer.exe","description":"[[SyncAppvPublishingServer.exe - LOLBAS Project](/references/ce371df7-aab6-4338-9491-656481cb5601)]","source":"Tidal 
Cyber","associated_software_id":"3dbccfe5-d7f9-494f-9466-6aa4ca5d31c3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0c6ce266-20ff-490f-a04e-5db648b1604b","tag":"acda137a-d1c9-4216-9c08-d07c8d899725"},{"id":"020e9f3f-d744-44c1-ba92-d0c87ee230d7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ba33a3ca-7794-4f67-92fe-7258283b42ed","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"dbaf96a0-fe83-4ff1-bb16-ca357fad7f7f","name":"Syncro","type":"tool","source":"Tidal Cyber","software_attack_id":"S3397","tidal_id":"434d62bf-847e-577b-9876-fd21c602cf9a","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Trend Micro Royal Ransomware March 15 2023](/references/0914ce86-86f2-4f17-af37-a0d4ca9ff615)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"18a5bece-efae-4a92-af18-118974717bb9","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"42ad9d34-fdab-45da-8042-02b061094cf0","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"69ab291d-5066-4e47-9862-1f5c7bac7200","name":"SYNful Knock","type":"malware","source":"MITRE","software_attack_id":"S0519","tidal_id":"faa9a241-db8b-54aa-a816-7981576defd4","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"83e42a3b-56e0-44e2-b411-69cef9c5d5da","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"}],"owner_name":null},{"id":"2df35a92-2295-417a-af5a-ba5c943ef40d","name":"Sys10","type":"malware","source":"MITRE","software_attack_id":"S0060","tidal_id":"8d1f7585-a152-5b86-b3b8-15069b24a623","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ea556a8d-4959-423f-a2dd-622d0497d484","name":"SYSCON","type":"malware","source":"MITRE","software_attack_id":"S0464","tidal_id":"75ac1f60-d291-5a8a-9fd2-1467c3cdc074","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f5dbdf38-ffc4-4d0c-829a-55c34c53e38a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5d220e4f-db5f-4523-8dc5-63a604f3964b","name":"Syssetup","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3320","tidal_id":"3877cf89-7df4-5d69-9466-2f4cdc3f7002","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"74ae8295-00a4-4a67-8892-14cf69005892","name":"Syssetup.dll","description":"[[Syssetup.dll - LOLBAS Project](/references/3bb7027f-7cbb-47e7-8cbb-cf45604669af)]","source":"Tidal Cyber","associated_software_id":"fcadb7cd-ab8b-48e8-aee1-f8aa0ae3649d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c7e5eb05-71c7-409b-8407-354054bae594","tag":"9105775d-bdcb-45cc-895d-6c7bbb3d30ce"},{"id":"33a1fe1f-4ec5-4bbe-870e-5590c6ee0d27","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ea54bd9f-1efa-40f3-bd70-bb604ee9e7b1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c30929fb-28a1-407c-a1c3-a83374c63267","name":"SystemBC","type":"malware","source":"Tidal Cyber","software_attack_id":"S3081","tidal_id":"ed82adfc-a76e-5603-a4e2-9cfbc1505b95","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9e992775-530e-4bd6-bd0e-b02ffc650535","name":"Coroxy","description":"","source":"Tidal Cyber","associated_software_id":"bfbd9f5b-1f12-4196-a3d9-0862306cf3a9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"ce29a1e6-d1be-4a46-9ae4-ef9dbcf1d48f","name":"DroxiDat","description":"","source":"Tidal Cyber","associated_software_id":"11ea8d63-aa36-4c63-a1a3-6950edc006dd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 
2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Proofpoint Ransomware Initial Access June 2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)]","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Vice Society September 2022](/references/0a754513-5f20-44a0-8cea-c5d9519106c8)]","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[MSTIC DEV-0832 October 25 2022](/references/5b667611-649d-44d5-86e0-a79527608b3c)]","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"345bc211-50d3-44e3-9c4f-9ce2d3298e4f","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"bda2fa5d-f048-454a-8146-e35d657fad6f","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"5fc68455-8dfc-4dbf-9d86-28347dd55078","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"cf09b926-488c-4f41-941b-372239a39ef0","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2c93b3c5-eb28-4d25-b566-2a47bbeff030","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"cecea681-a753-47b5-9d77-c10a5b4403ab","name":"Systeminfo","type":"tool","source":"MITRE","software_attack_id":"S0096","tidal_id":"dc983368-1c4b-5e7b-8445-16f7656d73aa","platforms":[],"associated_software":[],"groups":[{"description":"[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)][[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant Operation Ke3chang November 2014](https://app.tidalcyber.com/references/bb45cf96-ceae-4f46-a0f5-08cd89f699c9)][[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[DFIR Phosphorus November 2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic 
Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro BlackCat April 18 2022](/references/a04d89b1-3334-4d96-8c45-bb88f396e036)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)][[ESET Turla Lunar toolset May 
2024](https://app.tidalcyber.com/references/85040d41-b786-5b63-a510-976bc35e8fce)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA SoreFang July 2016](https://app.tidalcyber.com/references/a87db09c-cadc-48fd-9634-8dd44bbd9009)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat 
Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"80f52548-946d-486c-af0f-60f3524b8d56","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"7b9e8272-1eea-4769-b4c9-30eff4efcb5a","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"fd07e70e-6472-4b77-b49c-79d290bdff87","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"b13052a5-fe32-49bd-8047-ed53d6b95382","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"6ab6b077-acdd-49a5-9877-80f9646f304b","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"841f1da7-96b1-4391-935a-5edcbf430b8b","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"b19666f5-73dc-4d46-b67b-f34bf38a574b","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ac8c294d-f6c0-4b86-813b-21ef43168a80","tag":"7b918200-2c8d-4b86-a81b-b2bdec5b2c2b"},{"id":"8396d4ee-6b45-495c-b04b-5509aa694bbb","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"f3a23ec2-7d1e-4ed8-a5dd-c75f52b3acfb","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"fb7fac5a-2346-44ae-a66c-6f692e22de7f","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9168e7af-9ab6-4b99-bfd1-72c2821615f3","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"670dcd08-f1d0-4e1b-bb02-540e2d246559","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"aaacc007-f0d7-48e5-ac9e-a3d6d1fd5b95","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"148d587c-3b1e-4e71-bdfb-8c37005e7e77","name":"SysUpdate","type":"malware","source":"MITRE","software_attack_id":"S0663","tidal_id":"f165d3eb-f9c6-513f-910d-ae2a5cef85f3","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"93ff18e4-d69f-4388-a2bb-f5d84108a9e2","name":"Soldier","description":"[[Trend Micro Iron Tiger April 
2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]","source":"MITRE","associated_software_id":"0bc0c9e4-a490-4ab1-a1c2-b8fd8dda05ce","owner_id":null,"owner_name":null},{"id":"63261928-0942-43f6-a85c-5d5b1d35d260","name":"HyperSSL","description":"[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]","source":"MITRE","associated_software_id":"0bfb3ec0-ee20-4de3-a69c-096402a0298b","owner_id":null,"owner_name":null},{"id":"1dbf10c2-9b78-4bc3-9f05-f969e7205447","name":"FOCUSFJORD","description":"[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]","source":"MITRE","associated_software_id":"01924f4b-e6b3-4118-9b3d-6aac519d4774","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c5647cc4-0d46-4a41-8591-9179737747a2","name":"T9000","type":"malware","source":"MITRE","software_attack_id":"S0098","tidal_id":"6453231a-7403-5b29-9f06-743f7256fe96","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"6986d5a3-c702-4ea0-b3e5-0069eaa64151","name":"TABLEFLIP","type":"malware","source":"Trellix TIG","software_attack_id":"S3411","tidal_id":"883fd631-0f9b-5b88-ba7e-566003c7f05e","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"c0d0c9e7-4de7-4eb4-b8dd-df27849baac8","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"ba4777f9-bb3b-4143-8062-a510c30544ce","name":"Tactical RMM","type":"tool","source":"Tidal Cyber","software_attack_id":"S3091","tidal_id":"44fc7859-76d1-5d9d-939a-106596e0bbaa","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET APT Activity Report Q4 2023-Q1 2024](/references/896cc899-b667-4f9d-ba90-8650fb978535)]","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a603efb6-a635-4fd0-b8a1-e123c1185fa7","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c9b63140-4778-45df-95d2-a6c316a7522d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"23850e84-8ee5-4d35-8c2a-83bfa122b4f2","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5e384b2c-3ed7-40df-b197-467176cd4f95","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"72a7d59a-4f2f-4a1f-b0c4-a55da55be982","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"9334df79-9023-44bb-bc28-16c1f07b836b","name":"Taidoor","type":"malware","source":"MITRE","software_attack_id":"S0011","tidal_id":"867464e1-264b-5901-b947-16dea5f6f5bd","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"130a5491-1b93-45fd-bd72-9e5f8ddeba2a","name":"Tailscale","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3094","tidal_id":"acaebd1d-6986-50fc-8b6e-adddc7efbce5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3f52c280-866b-408d-b31c-b633580c4358","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"ee866045-1284-4071-b275-e002ad08dce1","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"4e16aaaa-785e-4bb9-bd57-596e4eae9f18","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f9630e01-7366-43fb-90fc-29b180720951","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"77bd5a00-a0b9-4327-94a1-386994657f53","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"1548c94a-fb4d-43d8-9956-ea26f5cc552f","name":"TAINTEDSCRIBE","type":"malware","source":"MITRE","software_attack_id":"S0586","tidal_id":"838b089f-3152-5c33-b3e4-19b9e06ae027","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020](https://app.tidalcyber.com/references/b9946fcc-592a-4c54-b504-4fe5050704df)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b1b7a8d9-6df3-4e89-8622-a6eea3da729b","name":"TajMahal","type":"malware","source":"MITRE","software_attack_id":"S0467","tidal_id":"563778c0-ca96-5976-8885-b93c0fe0445f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"63bd2a3f-d982-5180-b148-44eb21e233e3","name":"TAMECAT","type":"malware","source":"MITRE","software_attack_id":"S1193","tidal_id":"63bd2a3f-d982-5180-b148-44eb21e233e3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT42-untangling](https://app.tidalcyber.com/references/64b19eab-8190-5e22-89a0-f7555f9f7fa2)]","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b8c52d67-6d9e-4792-b3e9-5ea60001c390","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8d00b893-7492-4a67-a9b0-d817c5a21603","name":"TAMECAT (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3149","tidal_id":"04e3325c-50a6-56d8-8542-c029cb6c87d0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant Uncharmed May 1 2024](/references/84c0313a-bea1-44a7-9396-8e12437852d1)]","group_attack_id":"G3050","group_id":"ce126445-6984-45bb-9737-35448f06f27b","name":"APT42 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8bd408bf-9f57-4fad-9862-b1993e374127","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"294b1a1c-944b-4296-83f5-6e741610efe7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c5a2f456-d89d-4d89-9b41-8a0c4e7aff7a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"65e149a8-7c78-40d0-9cc5-9f420011facc","name":"Tar","type":"tool","source":"Tidal Cyber","software_attack_id":"S3288","tidal_id":"8ea1d0a8-be1f-52b7-a04d-a66a937d2499","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5c2b387e-c772-4ad7-8ee2-3954bca90a06","name":"Tar.exe","description":"[[Tar.exe - LOLBAS Project](/references/e5f54ded-3ec1-49c1-9302-6b9f372d5015)]","source":"Tidal Cyber","associated_software_id":"13f7f0ae-b228-4453-b35e-cded8c9bcbb4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"2fb7b8fe-1f6f-4ed6-a60e-80325d0bc59d","tag":"25b4fafc-4691-4008-8baa-35dbbcce752a"},{"id":"b9358b4a-10c9-48da-a0b4-6bc5c07542de","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a89d85d4-8085-4f2f-a453-6cc838747928","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7bb9d181-4405-4938-bafb-b13cc98b6cd8","name":"Tarrask","type":"malware","source":"MITRE","software_attack_id":"S1011","tidal_id":"95348dc3-cb16-5c3b-beed-0ae6658b5880","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Tarrask scheduled 
task](https://app.tidalcyber.com/references/87682623-d1dd-4ee8-ae68-b08be5113e3e)] ","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"abae8f19-9497-4a71-82b6-ae6edd26ad98","name":"Tasklist","type":"tool","source":"MITRE","software_attack_id":"S0057","tidal_id":"a65e0169-768a-5d66-93d8-ad1739462a8c","platforms":[],"associated_software":[],"groups":[{"description":"[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)][[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)][[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[CISA SoreFang July 2016](https://app.tidalcyber.com/references/a87db09c-cadc-48fd-9634-8dd44bbd9009)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Alperovitch 2014](https://app.tidalcyber.com/references/72e19be9-35dd-4199-bc07-bd9d0c664df6)]","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Mandiant Pulse Secure Update May 2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro DRBControl February 
2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8776b93a-f56b-43d9-bf55-c340d723a397","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"046a53e9-e0c7-47d5-a0c8-4e413e68c2e3","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"70f0a427-0603-48df-8831-2087dfa77354","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"10a7b7cf-ac6c-488f-82dd-758d6739e5b4","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"c9b7154b-e604-4dd2-9ed9-b35162333156","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"40ee34e6-88ef-45c2-a60d-024beb92b42b","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"eacaec40-f410-4d7d-b0e8-e76b4bd13511","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"e6f609e7-4d96-4ca5-8668-94ee9efd8de7","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ff6806d4-5530-4e11-a1a4-fe646fd7f11d","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"761f13a6-763e-4aca-b5a2-e652e3c8a92b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"6a62188d-1f8a-4256-84cc-88b4ccf39050","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9d8a6000-1390-40ea-9032-953695561303","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"5dc89c15-7e52-4a7b-8373-326578ff5157","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5ad6fc2e-1e5a-44f5-b277-0911e145d3d5","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"b478a6c7-a3a6-4bbf-8fb9-270bfeae57fc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"7a5d457c-949c-4e8f-817a-7e2d33f6c618","name":"tcpdump","type":"tool","source":"Tidal
 Cyber","software_attack_id":"S3108","tidal_id":"6bfd9b9f-d7d8-553d-a444-7a8130f38073","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA APT40 July 8 2024](/references/3bf90a48-caf6-4b9d-adc2-3d1176f49ffc)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4fe110d0-3309-4c05-b44f-a4e1f994daea","tag":"96d58ca1-ab18-4e53-8891-d8ba62a47e5d"},{"id":"8fa96a4c-50a8-45eb-a559-73a632609cee","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"f77b5bc2-2677-4e6a-93f8-f6707359fed1","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2071950a-1f61-49e1-a2bd-1d2b4df7cb7a","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"d609d0a3-d8e2-44df-985f-17be2e57d26e","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"b63ba70a-9b66-4679-8a30-7531cdb8e1ec","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d7b40fa6-cf63-4677-bd32-a4cc99ae6579","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"6f0b0080-501d-4377-8b4f-107b6d408f6d","tag":"02495172-1563-48e7-8ac2-98463bd85e9d"},{"id":"71b67c97-e3ed-4091-992a-d5347de1b95a","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"1140696b-9362-41c2-9854-1cc0fc7c4c9d","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"cd6b9b6a-afc1-4efc-9741-d6fb4a8f1543","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"aa0b68e3-1511-4b94-8f9b-e136569289a3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"590a6b81-b374-49e0-a4c7-c8dba7316fcf","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"c62b061a-b4d0-4b28-932c-3c9423443248","name":"TDSSKiller","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3047","tidal_id":"9fd3b671-0933-5466-a9c6-7eda1a93f301","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ThreatDown RansomHub September 9 2024](/references/34422e6e-0e79-48ba-a942-9816e9b4ee7c)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b4a14396-6120-463c-a576-4e1a4c1f643a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"74b5f158-01e1-435c-b723-e2f5207c1c85","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"afe20fa7-8abc-43c2-a32e-b6ac32f1734f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"320f9a2f-ea18-40ce-9a8d-f5a7057494c1","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"3808ba6c-612f-44a9-9a27-a2b0d037686b","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"2edc1b6a-7c26-46d4-bb1f-187e808c7452","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"7fdbcaf1-4924-4283-b43d-08cdd0865067","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"3e89a982-68b2-4fa5-8ad5-1a6ad59e3792","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"bcf3803a-21d8-457c-adeb-50a44e4b74b6","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a9999c05-7261-4622-a4f2-c80b029a21c1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"fab87e8c-25c1-4fa7-b657-7515e8caba64","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e7116740-fe7c-45e2-b98d-0c594a7dff2f","name":"TDTESS","type":"malware","source":"MITRE","
software_attack_id":"S0164","tidal_id":"5f1fbbd0-921c-5415-947e-af522a0d40f6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ClearSky Wilted Tulip July 2017](https://app.tidalcyber.com/references/50233005-8dc4-4e91-9477-df574271df40)]","group_attack_id":"G0052","group_id":"6a8f5eca-8ecc-4bff-9c5f-5380e044ed5b","name":"CopyKittens","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8eef4e4b-e294-47bb-befa-9cd97ceced57","name":"te","type":"tool","source":"Tidal Cyber","software_attack_id":"S3360","tidal_id":"06cbb746-4818-5764-9a25-a993e7b3ccf1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d4bd9095-2288-4092-a689-1c2bc6c8ed25","name":"te.exe","description":"[[te.exe - LOLBAS Project](/references/e7329381-319e-4dcc-8187-92882e6f2e12)]","source":"Tidal Cyber","associated_software_id":"7f9ba4e5-1bea-4620-855c-b9cf9e97da07","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ff49d859-c55d-419a-8065-a0ae440d1111","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"10282a84-c4bc-4469-9cad-9e2c87df4f49","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"74ede7b9-3433-4e0f-95d9-637b15d35a2b","name":"TeamFiltration","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3501","tidal_id":"5a533b8a-55dc-5f0b-8507-fb539a2d4ab7","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"611f20c7-ce22-4ba5-9587-7cbb75398a0b","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"49233e27-6860-4986-88a2-1fef6335e633","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"4d4caec2-7d14-4e9a-8ab9-ed56e2ad3da9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"614826c5-cdb4-4cee-a5c9-ab5690a33218","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"39220aec-5aad-4363-87d9-55e7a2ee1b3b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"13221a7b-6c23-48a7-97bd-21e2c689a391","name":"Teams","type":"tool","source":"Tidal Cyber","software_attack_id":"S3361","tidal_id":"08c7f2aa-9bd5-57c6-8da5-0390acb3afa0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3f59bae3-2ebe-46d4-97dd-4e56572cd130","name":"Teams.exe","description":"[[Teams.exe - LOLBAS Project](/references/ceee2b13-331f-4019-9c27-af0ce8b25414)]","source":"Tidal Cyber","associated_software_id":"386539ac-dcd7-4484-9dcb-3e4aa849fd7c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"03318c57-5a1c-4c55-8d8a-adef84044628","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6dd08f7f-5e20-4aef-a653-43e69b7feeef","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6b5f6eb4-4cdd-4383-8623-d1f7de486865","name":"TeamViewer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3048","tidal_id":"0015ee6b-57eb-57ae-b456-69ecd97260f2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CSRB LAPSUS$ July 24 
2023](/references/f8311977-303c-4d05-a7f4-25b3ae36318b)]","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET EvilNum July 2020](/references/6851b3f9-0239-40fc-ba44-34a775e9bd4e)]","group_attack_id":"G0120","group_id":"4bdc62c9-af6a-4377-8431-58a6f39235dd","name":"Evilnum","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Securelist Kimsuky Sept 2013](/references/f26771b0-2101-4fed-ac82-1bd9683dd7da)][[Crowdstrike GTR2020 Mar 2020](/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Secureworks BRONZE PRESIDENT December 2019](/references/019889e0-a2ce-476f-9a31-2fc394de2821)]","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Group IB RTM August 2019](/references/739da2f2-2aea-4f65-bc4d-ec6723f90520)]","group_attack_id":"G0048","group_id":"666ab5f0-3ef1-4e74-8a10-65c60a7d1acd","name":"RTM","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Group IB Cobalt Aug 2017](/references/2d9ef1de-2ee6-4500-a87d-b55f83e65900)]","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Group-IB Anunak](/references/fd254ecc-a076-4b9f-97f2-acb73c6a1695)]","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The Register Everest Ransomware October 12 
2023](/references/04bf21c9-1670-41d7-b52c-0e31ad846b43)]","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]","group_attack_id":"G3081","group_id":"a1a03a84-1d75-40a3-916e-d3e0d1068d11","name":"CURLY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]","group_attack_id":"G3083","group_id":"3444e9ed-d79a-4c53-90a2-a3bd2fcc3f7c","name":"PLUMP SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"882538c6-339e-45dc-9714-a9d2953e1aa0","tag":"224f0291-af3d-47e5-a259-4bfcb642645a"},{"id":"9c8d1dd5-71a3-4249-a1e5-14bc49266180","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"6fb2e9bb-03a6-4612-8d7b-ebdc3bcee6c1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"991e9494-3acb-4981-a9f1-51ccc07c9dac","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"84b607c1-9c71-4583-9131-e8bb654014f8","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"a3f28b9f-b35c-4b3e-b178-e48741620d7b","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"38b49e4d-4d70-42ab-ae17-702971f237d2","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"90e54c90-0090-44c9-a914-6a47ae2b4b74","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2c535e8e-7faf-46a2-a810-4bef8bbb9c8b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"23a32d56-8d58-4f46-a360-4a056d23266d","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"955d3c01-ecef-4fe9-8a22-5d9148a25905","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"045a9502-b652-42aa-af02-50c519466269","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner
_name":"TidalCyberIan"},{"id":"bae20f59-469c-451c-b4ca-70a9a04a1574","name":"TEARDROP","type":"malware","source":"MITRE","software_attack_id":"S0560","tidal_id":"723646ed-f595-5497-a2d7-59c3bba4728e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye SUNBURST Backdoor December 2020](https://app.tidalcyber.com/references/d006ed03-a8af-4887-9356-3481d81d43e4)][[MSTIC NOBELIUM May 2021](https://app.tidalcyber.com/references/047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d)][[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)][[Secureworks IRON RITUAL Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d82365b0-518b-4ad6-86d3-32ee7ca1d725","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"1cb01fde-0d01-426a-a3c6-b5591d2e17c7","name":"Telegram","type":"tool","source":"Trellix TIG","software_attack_id":"S3386","tidal_id":"6f74ba73-f616-5a43-a86a-4f2dc94f44ea","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"b9a98499-c984-4199-ae64-d1381ebbaa1f","name":"Teleport","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3051","tidal_id":"466f7d18-1011-5e3b-ad92-e551ddf42a21","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"3c5cb499-a89a-454b-b85c-a9f3b348edd4","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"bf81ff6b-1745-4cc8-a91c-263b2632845a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2f530335-ddfa-4a6b-96ed-c9be3ceb0925","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":"TidalCyberIan"},{"id":"98bf86f8-00c8-4428-a288-9a44545050a2","name":"Teleport.sh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3513","tidal_id":"02ab9dd9-7f69-5478-a6f8-3decd5e87c80","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA Scattered Spider Advisory November 2023](/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"ab02a741-04ab-43d6-b554-b667023f03b6","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"33149b1b-d859-4d54-8a44-d4f2599447a3","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"3ffdd48e-0e3c-4439-8e2b-380fae3d6c81","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"70507321-07e6-4cdd-9bd0-9988f477c1ce","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ededdc21-770c-4895-a36f-330b0cfabf78","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f2619c68-30da-4a0a-991e-ea97bfaa6da9","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"ac792eff-c684-4a55-a5db-b1031ac4fb29","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"41730029-aa2b-4a15-b682-6eef2c66bbc9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"ecc0615f-106d-492a-952d-f26cdac143dd","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"5cd0db7a-d47d-479b-89ac-9e78dfc0cd9d","name":"Terminator","type":"tool","source":"Tidal Cyber","software_attack_id":"S3122","tidal_id":"531c6ff6-49dc-5bd1-a720-2baad331a8d5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a5c8a0d7-e015-4190-b3a3-b9bea96a397b","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fb3777b6-922c-40e7-be12-00051d4627d9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"7bc48c99-8b71-4fcb-887a-6d71ed21c26b","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"}],"owner_name":"TidalCyberIan"},{"id":"51a9d952-4cc3-4c4c-8f43-f4c25f44d830","name":"Termite Ransomware","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3415","tidal_id":"ed463b82-7984-51d9-a076-3c79282e7f61","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Infosecurity Magazine December 9 2024](/references/1a3f22b7-8585-44b7-845a-eaa13d8a5dc1)]","group_attack_id":"G3067","group_id":"286da832-f055-4ca4-a52a-9eb62461dc48","name":"Termite Ransomware Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"23ef3dcc-0115-4663-8ca4-b0b8bb9d8eca","tag":"d92fd4ee-09aa-4a32-9058-cd23f0c6238a"},{"id":"1f05573d-b80f-449d-bded-38501682a1dd","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"6b0ea53d-7efc-4835-90f5-cdb49d44f3f8","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"e30b4079-ee08-443d-af62-81eb4546862e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e57b9d36-be17-4e04-a9d7-1272d6e6b63b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2143f749-d7b8-43c0-8041-8aeb486142c2","name":"TestWindowRemoteAgent","type":"tool","source":"Tidal Cyber","software_attack_id":"S3362","tidal_id":"0f09e7bd-c93d-5ed8-a0ff-ced1eb0c6f50","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c5f2f005-8e6e-4f0a-8f15-532e40fca1a7","name":"TestWindowRemoteAgent.exe","description":"[[TestWindowRemoteAgent.exe - LOLBAS Project](/references/0cc891bc-692c-4a52-9985-39ddb434294d)]","source":"Tidal 
Cyber","associated_software_id":"fcf88411-e0c2-403a-aa70-dc75fd1d488b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dd5317f7-7a79-4e13-abfc-8031fc5bef2f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"9175fe04-9a1b-48bd-85a7-afe168ee7bc0","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"49d0ae81-d51b-4534-b1e0-08371a47ef79","name":"TEXTMATE","type":"malware","source":"MITRE","software_attack_id":"S0146","tidal_id":"29f6fcf4-1a69-539b-ac0e-057624eb6480","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1b0ec06d-0748-42ea-912f-e23f14d94b95","name":"DNSMessenger","description":"Based on similar descriptions of functionality, it appears S0146, as named by FireEye, is the same as Stage 4 of a backdoor named DNSMessenger by Cisco's Talos Intelligence Group. However, FireEye appears to break DNSMessenger into two parts: S0145 and S0146. 
[[Cisco DNSMessenger March 2017](https://app.tidalcyber.com/references/49f22ba2-5aca-4204-858e-c2499a7050ae)] [[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]","source":"MITRE","associated_software_id":"6812793e-6342-4da6-b77f-ed29fab1fd9a","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c5bbffad-2eb7-45fc-b366-17491768b2d7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"2ed5f691-68eb-49dd-b730-793dc8a7d134","name":"ThiefQuest","type":"malware","source":"MITRE","software_attack_id":"S0595","tidal_id":"54bd1a23-36fa-534d-af12-63b92110224b","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"cf6ccd95-6883-4dfb-bebf-c4c387a702c9","name":"MacRansom.K","description":"[[SentinelOne EvilQuest Ransomware Spyware 2020](https://app.tidalcyber.com/references/4dc26c77-d0ce-4836-a4cc-0490b6d7f115)]","source":"MITRE","associated_software_id":"6979dd37-4c1c-48bf-a0e1-c8f2a0606962","owner_id":null,"owner_name":null},{"id":"d10f0e4b-613c-4eca-8119-51837c58ba99","name":"EvilQuest","description":"[[Reed thiefquest fake 
ransom](https://app.tidalcyber.com/references/b265ef93-c1fb-440d-a9e0-89cf25a3de05)]","source":"MITRE","associated_software_id":"6161f604-0972-427e-802e-b5ac009b94fe","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"d5d93660-ff28-4a93-88ef-15e392a6aca4","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"f8a3d9bc-a24e-4349-9a12-b007a976aad7","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"17a96364-ef1c-421c-865c-2705c4e25636","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"6ffd030d-4ad6-44d1-be54-6586c7cd70c8","name":"THINCRUST","type":"malware","source":"Trellix TIG","software_attack_id":"S3457","tidal_id":"9b9b4233-f8c5-5575-8ebc-22bd55e217da","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"1c0956bb-e1da-4c17-bf1a-802d68f1fa59","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"c1e0eeb4-f462-46fc-bf0b-ed9a9307a968","name":"ThinSpool","type":"malware","source":"Trellix TIG","software_attack_id":"S3471","tidal_id":"01cd3b88-4d44-5382-910b-db8ccdde7f12","platforms":[],"associated_software":[{"id":"66b9387c-ba76-4bae-958b-3d2a010bb7c5","name":"Thinspool Dropper","description":"","source":"Trellix TIG","associated_software_id":"1b8baefd-4771-4dc4-aec4-4f34e0e18612","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"d76edf02-5a92-4acf-ba34-a6b9f45cf9af","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"b31c7b8e-dbdd-4ad5-802e-dcdc72b7462e","name":"ThreatNeedle","type":"malware","source":"MITRE","software_attack_id":"S0665","tidal_id":"9d114eb9-ea66-5671-99c5-b1aa1d98ed36","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky ThreatNeedle Feb 2021](https://app.tidalcyber.com/references/ba6a5fcc-9391-42c0-8b90-57b729525f41)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8fe38eda-30be-4c88-ae76-ac6ebc89d66b","name":"ThunderShell","type":"tool","source":"Tidal Cyber","software_attack_id":"S3049","tidal_id":"b7513446-83e9-5c61-9db6-00ba22145624","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"18b4b32c-29ea-4d9c-9f35-be531bf54a76","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"7af56b2f-1fd6-48fc-a519-26d20a3422a7","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"dd6fa047-7347-4d6f-8711-7ffe5ddff95d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"adc73117-a704-4c8b-879b-f738550cee73","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8cb826c7-05d5-48b1-8e8d-87b68bc25355","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"c975f502-831f-4724-8491-bdbd956623e3","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"5cddc325-d9e2-4a42-ad88-0a44f7b3a35e","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"5533ba4a-8d8b-4ad0-8ea0-713e036f17bb","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f73fffb6-1df3-4af6-8590-617f4c9c73d5","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"e5533e56-e9b5-4583-bd89-b65aee24bc2c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"66ac8d9b-c18d-4652-9a46-8621fc1a3ea9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b39d2bea-83f4-4450-b331-3c39dff89ee8","name":"Tickler","type":"malware","source":"Tidal Cyber","software_attack_id":"S3150","tidal_id":"0b9b847d-6193-5c0e-89dc-0bf2163a9e96","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog August 28 2024](/references/940c0755-18df-4fcb-9691-9f2eb45e6441)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"33709ca4-3a8c-406d-85fd-33e949eb27c9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"f5583db1-8450-49d3-bc70-a8bc80d6c585","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"808bd71d-853f-42c2-aeea-100636955bf4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6b0d5be9-5305-4b45-bed9-43dee66b85e8","name":"TightVNC","type":"tool","source":"Tidal Cyber","software_attack_id":"S3054","tidal_id":"9a79f382-c86b-524e-bad2-b340ac25a838","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[BianLian Ransomware Gang Gives It a Go! | [redacted]](/references/fc1aa979-7dbc-4fff-a8d1-b35a3b2bec3d)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike Carbon Spider August 2021](/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA AA20-259A Iran-Based Actor September 2020](/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8370188d-f29d-4f07-95b0-593e50976df5","tag":"cb35f72d-c98a-4018-ba66-8750533bc8fa"},{"id":"799b6b47-50bb-4ca7-b188-bf479793d88a","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"06d24075-6238-4a54-8d3f-e77e58a75c0a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"00be21bb-73d8-4e44-9679-a075117ec2f3","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"3092e060-7318-4598-9de0-8b08a927f0a6","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a2ec8bd6-398f-415c-b5f4-68e3154943c4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"48f23447-8fe6-4b2c-b1c4-501f8f7e4e6b","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"abb77e23-eb45-41f1-9851-2c0c1aa0a91e","name":"TinyShell","type":"malware","source":"Tidal Cyber","software_attack_id":"S3419","tidal_id":"1faafb52-5b9f-52f3-af88-650f4358f487","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[crowdstrike.com December 19 2024](/references/cd7f7145-579d-4277-8ec9-c67e5ae00759)]","group_attack_id":"G3070","group_id":"f9f9358a-f708-4794-af35-784c532427cf","name":"LIMINAL PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"4ca5613f-8944-4eb2-bd4e-9c4836899947","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"a8a50a42-08a9-49ad-bb2d-fb4e9ef837b9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"9f902981-e02f-4754-ae3c-ab41f33b2d53","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5f303902-f1eb-4700-b263-44d4f7fb6162","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"39f0371c-b755-4655-a97e-82a572f2fae4","name":"TinyTurla","type":"malware","source":"MITRE","software_attack_id":"S0668","tidal_id":"bf1ca16c-5a64-52ac-8ea1-49d737d2c27a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Talos TinyTurla September 2021](https://app.tidalcyber.com/references/94cdbd73-a31a-4ec3-aa36-de3ea077c1c7)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9889e4c5-0a67-43de-b89e-6841abade428","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"0e009cb8-848e-427a-9581-d3a4fd9f6a87","name":"TINYTYPHON","type":"malware","source":"MITRE","software_attack_id":"S0131","tidal_id":"62d34472-0f5e-5d9f-b176-7ac31400e250","platforms":[],"associated_software":[],"groups":[{"description":"[[Forcepoint 
Monsoon](https://app.tidalcyber.com/references/ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e)]","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e2b30f43-7a4b-4836-86eb-56ce7a2e840a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"277290fe-51f3-4822-bb46-8b69fd1c8ae5","name":"TinyZBot","type":"malware","source":"MITRE","software_attack_id":"S0004","tidal_id":"edf52fea-6c84-5ea3-8c9c-1d599900194a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cylance Cleaver](https://app.tidalcyber.com/references/f0b45225-3ec3-406f-bd74-87f24003761b)]","group_attack_id":"G0003","group_id":"c8cc6ce8-d421-42e6-a6eb-2ea9d2d9ab07","name":"Cleaver","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b39590ee-32f0-44c7-8fea-fa485dee2d87","name":"TODDLERSHARK","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3420","tidal_id":"4c54d2ea-b71a-501a-bd67-b0bd91ea9665","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"50ccc7ae-54fb-4906-a040-2b902c7b5f50","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"4c896b43-f88c-4d24-b3f1-97888b63844e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"855a36fa-5a57-4c3b-a61c-fa2d3a38b653","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"eff417ad-c775-4a95-9f36-a1b5a675ba82","name":"Tomiris","type":"malware","source":"MITRE","software_attack_id":"S0671","tidal_id":"47073729-8b45-5a8b-bf5a-d715817f107b","platforms":[],"associated_software":[],"groups":[],"tags":[{"id":"c3511ec8-d1cd-4374-9280-a315fbf23fe3","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"8c70d85b-b06d-423c-8bab-ecff18f332d6","name":"Tor","type":"tool","source":"MITRE","software_attack_id":"S0183","tidal_id":"f5e728b0-97bf-5611-8735-5ab9ff61858b","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[DoublePulsar Cyber Toufan](/references/2fc1f6de-e01c-4225-bd29-8d547bf91e9e)]","group_attack_id":"G3048","group_id":"42a7c134-c574-430b-8105-bf7a00e742ae","name":"Cyber Toufan","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant No Easy Breach](https://app.tidalcyber.com/references/e7c49ce6-9c5d-483a-b476-8a48799df6fa)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks GOLD IONIC April 2024](https://app.tidalcyber.com/references/e723e7b3-496f-5ab4-abaf-83859e7e912d)][[SOCRadar INC Ransom January 2024](https://app.tidalcyber.com/references/6c78b422-7d46-58a4-a403-421db0531147)][[SentinelOne INC Ransomware](https://app.tidalcyber.com/references/5f82878b-2258-5663-8694-efc3179c1849)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]","group_attack_id":"G3010","group_id":"393da13e-016c-41a3-9d89-b33173adecbf","name":"Bl00dy Ransomware Gang","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cyber Express KillSec June 26 2024](/references/9afb764a-84fb-4fea-b925-d7d36a24ac14)]","group_attack_id":"G3065","group_id":"0ed0c954-780d-46a7-a955-f1f4dc91f0ac","name":"KillSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Cybersecurity Advisory GRU Brute Force Campaign July 2021](https://app.tidalcyber.com/references/e70f0742-5f3e-4701-a46b-4a58c0281537)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"bc93bfce-a68f-4f32-bd9d-82ca80bd867f","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"4614ca9b-fad2-4122-a1bb-484453d0e610","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"a200f7b5-227f-4fa1-8a8f-8feedd737b12","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"9c955368-b026-4cf9-9ba8-1e01edd142ef","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"506f37b0-6ea8-4849-b743-3d714cba45c6","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"5864fb8d-36c0-4563-a436-88603f8c7725","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"5ba02d7c-69b9-451c-b7b1-f48e468df149","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"e480b6e0-448f-4923-b47e-41204c7182f1","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"788c0253-9bd8-486c-ad52-2af6e0942392","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"4e5b949c-0574-4a65-9548-3d43aafcbfb2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"976ba673-92ec-4414-82f4-fad494033f4a","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"89a47daf-af81-4db3-9559-009ebe01084f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"412be82c-f028-4c12-bf02-f6a729dfe01c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"99b870d1-abbb-443b-b65b-b5af40158ede
","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"4bce135b-91ba-45ae-88f9-09e01f983a74","name":"Torisma","type":"malware","source":"MITRE","software_attack_id":"S0678","tidal_id":"43103023-7c74-59a2-8fab-e8bbd93c7b5b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"e7ab48d1-f705-4e69-812a-68e14d2a00f6","name":"touch","type":"tool","source":"Trellix TIG","software_attack_id":"S3455","tidal_id":"b6932f12-d411-5a9b-b975-997c156aae2d","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"551bc0d3-3566-4857-87b2-fe45ae84661c","name":"TOUGHPROGRESS","type":"malware","source":"Tidal Cyber","software_attack_id":"S3491","tidal_id":"0444ca99-01c5-544c-8587-429d97b45806","platforms":[{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Google Cloud May 28 2025](/references/def3e3dd-8136-4714-a58f-ffbd00066dc0)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"bfd145b1-e5cd-4b30-820a-013112274d7b","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"33473774-b1fd-4e08-9355-8e7f08b5b30f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"2f95dff0-3e25-4b2d-9cee-8797ea58ec7c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0efb1883-2af3-43a6-abaf-26da8cca82bb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"77d3247c-e8b9-4a95-a764-4ea6d70422a9","name":"Tox","type":"tool","source":"Trellix TIG","software_attack_id":"S3390","tidal_id":"e0aaf9b7-69d3-5008-829d-00a1b658c182","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"62ebde4b-4936-49f6-842b-8c0313ea26f5","name":"Tracker","type":"tool","source":"Tidal Cyber","software_attack_id":"S3363","tidal_id":"214b45d5-25da-5c6f-9908-9d4feebeae93","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"02b85713-d721-4948-95a6-91a636ddc49a","name":"Tracker.exe","description":"[[LOLBAS Tracker](/references/f0e368f1-3347-41ef-91fb-995c3cb07707)]","source":"Tidal 
Cyber","associated_software_id":"5ad5e21b-789e-4b4e-92d3-377140d7274a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"55ddeac7-4be9-4ece-8816-f9ede613f74e","tag":"3c9b26cf-9bda-4feb-ab42-ef7865cc80fd"},{"id":"39a7b6d5-a2bd-41ca-b66b-6dd0f9523fe1","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"89e3b8bf-88ca-42bf-82b9-a862dbc5ecac","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7a6ae9f8-5f8b-4e94-8716-d8ee82027197","name":"TrailBlazer","type":"malware","source":"MITRE","software_attack_id":"S0682","tidal_id":"573c26ec-6191-5624-a026-681f46091c60","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CrowdStrike StellarParticle January 2022](https://app.tidalcyber.com/references/149c1446-d6a1-4a63-9420-def9272d6cb9)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b96d9a3e-be57-402d-a3dd-0a04c3b135ad","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"6517296a-ec11-57c0-881c-6b62239ede92","name":"TRANSLATEXT","type":"malware","source":"MITRE","software_attack_id":"S1201","tidal_id":"6517296a-ec11-57c0-881c-6b62239ede92","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Zscaler Kimsuky 
TRANSLATEXT](https://app.tidalcyber.com/references/7ee5dc4e-1c53-5f12-806d-37b290c6f569)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c2bd4213-fc7b-474f-b5a0-28145b07c51d","name":"TrickBot","type":"malware","source":"MITRE","software_attack_id":"S0266","tidal_id":"68210e70-1e4f-5138-9a3f-2e5e2e43bc66","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fd5c3f7d-a11a-405f-bac5-fb4017edef1b","name":"Totbrick","description":"[[Trend Micro Totbrick Oct 2016](https://app.tidalcyber.com/references/d6419764-f203-4089-8b38-860c442238e7)] [[Microsoft Totbrick Oct 2017](https://app.tidalcyber.com/references/3abe861b-0e3b-458a-98cf-38450058b4a5)]","source":"MITRE","associated_software_id":"aabae1a3-d831-46f4-a65f-ab31f03fd687","owner_id":null,"owner_name":null},{"id":"5ff9588f-51e1-4e65-957b-d7331a1e8e1b","name":"TSPY_TRICKLOAD","description":"[[Trend Micro Totbrick Oct 2016](https://app.tidalcyber.com/references/d6419764-f203-4089-8b38-860c442238e7)]","source":"MITRE","associated_software_id":"4a8dc24e-e942-46f3-8026-91c1ed059bbb","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike Grim Spider May 2019](https://app.tidalcyber.com/references/103f2b78-81ed-4096-a67a-dedaffd67e9b)][[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)][[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)][[CrowdStrike Wizard Spider October 
2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)][[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)][[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Proofpoint TA505 Sep 2017](https://app.tidalcyber.com/references/c1fff36f-802b-4436-abce-7f2787c148db)][[IBM TA505 April 2020](https://app.tidalcyber.com/references/bcef8bf8-5fc2-4921-b920-74ef893b8a27)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"62254dfe-79c5-476b-bfed-ab28b8bf767e","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"1b2dbd6c-73c1-4f18-8d27-6c58f9d58058","tag":"c4b34e5f-79a2-4645-9e58-3b20a1ac93b6"},{"id":"34eca458-6ee8-47b6-8f47-f1eb3c63edc1","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"b88c4891-40da-4832-ba42-6c6acd455bd1","name":"Trojan.Karagany","type":"malware","source":"MITRE","software_attack_id":"S0094","tidal_id":"4c81565d-a01d-518e-8e58-28d67cabb5f6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"25984079-3d11-4cee-ad8c-af969f8552a8","name":"xFrost","description":"[[Secureworks Karagany July 
2019](https://app.tidalcyber.com/references/61c05edf-24aa-4399-8cdf-01d27f6595a1)]","source":"MITRE","associated_software_id":"e8b885ae-4bf3-42c0-8b9e-a410c08eb441","owner_id":null,"owner_name":null},{"id":"b63763ce-e59e-49ef-891c-0eef6d0cbb46","name":"Karagany","description":"[[Secureworks Karagany July 2019](https://app.tidalcyber.com/references/61c05edf-24aa-4399-8cdf-01d27f6595a1)]","source":"MITRE","associated_software_id":"0ef3a4a1-cad0-45da-9eea-70f85cd888af","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Symantec Dragonfly](https://app.tidalcyber.com/references/9514c5cd-2ed6-4dbf-aa9e-1c425e969226)][[Secureworks Karagany July 2019](https://app.tidalcyber.com/references/61c05edf-24aa-4399-8cdf-01d27f6595a1)][[Gigamon Berserk Bear October 2021](https://app.tidalcyber.com/references/06b6cbe3-8e35-4594-b36f-76b503c11520)]","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f8a4213d-633b-4e3d-8e59-a769e852b93b","name":"Trojan.Mebromi","type":"malware","source":"MITRE","software_attack_id":"S0001","tidal_id":"84a9e369-2b4c-56af-a5d9-4430e4efa740","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9d4c38dc-6549-5bde-9ce4-a54ae8ca596e","name":"Troll Stealer","type":"malware","source":"MITRE","software_attack_id":"S1196","tidal_id":"9d4c38dc-6549-5bde-9ce4-a54ae8ca596e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Troll Stealer](https://app.tidalcyber.com/software/9d4c38dc-6549-5bde-9ce4-a54ae8ca596e) is exclusively linked to [Kimsuky](https://app.tidalcyber.com/groups/37f317d8-02f0-43d4-8a7d-7a65ce8aadf1) operations.[[S2W Troll Stealer 2024](https://app.tidalcyber.com/references/5fbb0dcb-c882-597f-ade8-4b8afb8b55a8)][[Symantec Troll 
Stealer 2024](https://app.tidalcyber.com/references/ebb98b4b-062a-5b48-8318-e5f1244f907c)][[ASEC Troll Stealer 2024](https://app.tidalcyber.com/references/6c4b92ae-93d4-5851-9cbb-c98e6603b870)]","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f037a25b-5f66-4d0f-9490-6a2d74febf89","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"669f8b7a-2404-47ab-843d-e63431faafec","name":"Truebot","type":"malware","source":"Tidal Cyber","software_attack_id":"S3005","tidal_id":"c0aa9c93-2d13-5cd9-9847-5902ef64a18b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cb17c165-c322-4d9b-a9ca-4e154db499ff","name":"Silence","description":"[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]","source":"Tidal Cyber","associated_software_id":"ba587d52-2ee7-4539-9499-aa9338b8c7f9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"550ffac8-104c-4089-8800-dcae577e5cad","name":"TRUECORE","description":"[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]","source":"Tidal Cyber","associated_software_id":"7393cb6b-37a3-4f15-8a03-416b14711c2a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Microsoft Threat Intelligence Tweet April 26 2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)][[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA CL0P CVE-2023-34362 Exploitation](/references/07e48ca8-b965-4234-b04a-dfad45d58b22)][[Cisco Talos Blog December 08 2022](/references/bcf92374-48a3-480f-a679-9fd34b67bcdd)]","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]","group_attack_id":"G3010","group_id":"393da13e-016c-41a3-9d89-b33173adecbf","name":"Bl00dy Ransomware Gang","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b7644853-5e0e-4aff-a345-52fd86080f08","tag":"4e00b987-cd79-4b6a-9afe-c3b291ee2938"},{"id":"113a7e36-16e6-47ce-a9bd-2d236bbd5ebc","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"637a4a9b-4b15-468d-9a84-791585d6ce09","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0f485fe0-fd86-48b7-8099-6c9bad205bdc","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"78803ec4-a76c-4b95-92ac-f9eff567790b","tag":"992bdd33-4a47-495d-883a-58010a2f0efb"},{"id":"c0813ed1-2858-4b68-ab5a-31b049fd1cc8","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"6c6f70ab-191d-4806-ba78-cfaf1721a120","name":"TrueSightKiller","type":"tool","source":"Trellix TIG","software_attack_id":"S3420","tidal_id":"ca3719bf-9d53-5f2c-9176-bec8b2a2167d","platforms":[],"associated_software":[{"id":"3999fd4c-c41f-4fd7-aaa6-042053219af0","name":"TrueSightKiller.exe","description":"","source":"Trellix TIG","associated_software_id":"0c4aa736-7d8e-43b3-8e59-bda8f9b9ac80","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"c3eeeff3-260c-42f1-9c16-4ed643124b8f","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"}],"owner_name":"TidalCyberIan"},{"id":"50844dba-8999-42ba-ba29-511e3faf4bc3","name":"Truvasys","type":"malware","source":"MITRE","software_attack_id":"S0178","tidal_id":"50216354-23f1-51c2-9263-d57ac59cae26","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft NEODYMIUM Dec 2016](https://app.tidalcyber.com/references/87c9f8e4-f8d1-4f19-86ca-6fd18a33890b)][[Microsoft SIR Vol 21](https://app.tidalcyber.com/references/619b9cf8-7201-45de-9c36-834ccee356a9)]","group_attack_id":"G0056","group_id":"cc798766-8662-4b55-8536-6d057fbc58f0","name":"PROMETHIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"9872ab5a-c76e-4404-91f9-5b745722443b","name":"TSCookie","type":"malware","source":"MITRE","software_attack_id":"S0436","tidal_id":"31aa7efc-b4b8-5dc3-92e5-d8608a824810","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[JPCert TSCookie March 2018](https://app.tidalcyber.com/references/ff1717f7-0d2e-4947-87d7-44576affe9f8)]","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"57f9458f-4dad-411e-9971-8e3e166f173b","name":"TShark","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3109","tidal_id":"17fd42de-7c2c-5ab3-8fe4-ed303c3965d0","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"56768f37-1968-4846-ab84-5976ab22249a","tag":"e1be4b53-7524-4e88-bf6d-358cfdf96772"},{"id":"2b3754d2-7e9c-4eae-8d27-31c3cc981bd9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"319a553e-0085-4c8e-afad-f7ef63528267","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e5d73b67-87ee-42fc-9ff1-82abe5c6515b","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"7bd9859e-4260-4c86-903b-1f8bcf658da1","name":"Ttdinject","type":"tool","source":"Tidal Cyber","software_attack_id":"S3289","tidal_id":"fb45d393-8328-56dc-857c-bb95824dc390","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cd67cca2-9310-4b73-943d-06a57297ad34","name":"Ttdinject.exe","description":"[[Ttdinject.exe - LOLBAS Project](/references/3146c9c9-9836-4ce5-afe6-ef8f7b4a7b9d)]","source":"Tidal Cyber","associated_software_id":"05cf2d78-08e4-4a20-ae82-64ff4a3c9c33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a8b9c13a-4894-44a4-a646-b7e7e0238183","tag":"fc67aea7-f207-4cf5-8413-e33c76538cf6"},{"id":"d35027b2-8338-4ab7-8998-2d27abe447a4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c541cc0e-a883-4110-81df-1dee5e9ae827","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ab06ccb0-21c7-4d84-99ff-3349ce476910","name":"Tttracer","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3290","tidal_id":"4c3632bb-97c0-5932-a3e5-f3705020aa86","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3a6e4af2-0bde-43e5-9eb4-c1e867091be6","name":"Tttracer.exe","description":"[[Tttracer.exe - LOLBAS Project](/references/7c88a77e-034e-4847-8bd7-1be3a684a158)]","source":"Tidal Cyber","associated_software_id":"148072af-ae62-419f-9c3a-3b9dc4c25a24","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"7223d20d-d98e-4942-bdb9-a2890d29807c","tag":"3c4e3160-4e82-49ce-b6a3-17879dd4b83c"},{"id":"5d7fe50b-53ce-45fa-b69a-bceffd53d0ba","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f4161db7-1ccb-4a85-912c-171a746d6bb0","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"571a45a7-68c9-452c-99bf-1d5b5fdd08b3","name":"Turian","type":"malware","source":"MITRE","software_attack_id":"S0647","tidal_id":"3d6a3f47-938d-55a1-839d-b4d6f850a6fa","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[ESET BackdoorDiplomacy Jun 2021](https://app.tidalcyber.com/references/127d4b10-8d61-4bdf-b5b9-7d86bbc065b6)]","group_attack_id":"G0135","group_id":"e5b0da2b-12bc-4113-9459-9c51329c9ae0","name":"BackdoorDiplomacy","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Envoy Panda Profile](/references/44879a86-9eda-4934-bfc4-cbc643ab113a)]","group_attack_id":"G3086","group_id":"ff71ddce-9e70-4aeb-b7df-9d1637be72bc","name":"ENVOY PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[],"owner_name":null},{"id":"c7f10715-cf13-4360-8511-aa3f93dd7688","name":"TURNEDUP","type":"malware","source":"MITRE","software_attack_id":"S0199","tidal_id":"f2eb151b-5bb1-5665-9812-29f5d64cad67","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[FireEye APT33 Sept 2017](https://app.tidalcyber.com/references/70610469-db0d-45ab-a790-6e56309a39ec)][[FireEye APT33 Webinar Sept 2017](https://app.tidalcyber.com/references/9b378592-5737-403d-8a07-27077f5b2d61)][[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2a0a9fc7-3464-45b7-9626-bf68e563e97f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"6c93d3c4-cae5-48a9-948d-bc5264230316","name":"TYPEFRAME","type":"malware","source":"MITRE","software_attack_id":"S0263","tidal_id":"1ad2825e-2c8b-55ee-92a6-4bdb0319c738","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[US-CERT TYPEFRAME June 2018](https://app.tidalcyber.com/references/b89f20ad-39c4-480f-b02e-20f4e71f6b95)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e554df78-1d28-4838-8d7b-6e17cf6c919f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"5788edee-d1b7-4406-9122-bee596362236","name":"UACMe","type":"tool","source":"MITRE","software_attack_id":"S0116","tidal_id":"8451f8c9-4af2-5bf9-b685-23fcceb74b40","platforms":[],"associated_software":[],"groups":[],"tags":[{"id":"0b07a32e-b4b3-4601-a134-76440aea0870","tag":"8450b5c7-acf1-41df-afc2-5c20e12436c0"},{"id":"590e81f0-1289-4a57-b1fb-0c2b415133d2","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"725c383f-f623-4ec7-84a7-519718eb9d6e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"5214ae01-ccd5-4e97-8f9c-14eb16e75544","name":"UBoatRAT","type":"malware","source":"MITRE","software_attack_id":"S0333","tidal_id":"cf20eecc-1805-54de-82a3-1f142f964476","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"227c12df-8126-4e79-b9bd-0e4633fa12fa","name":"Umbreon","type":"malware","source":"MITRE","software_attack_id":"S0221","tidal_id":"e832c7b0-490d-54d9-876f-6e0faf32e9a4","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"8f7fd280-2a0c-4820-a51b-da2c68278766","name":"uname","type":"tool","source":"Trellix TIG","software_attack_id":"S3392","tidal_id":"6da60714-3b4a-5a8d-898e-0d2692c4f95c","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"4504fe05-daef-4eed-a047-b1f4134e6734","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d876bb61-3122-44e7-ace4-f473a7b30f58","name":"Universal Virus 
Sniffer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3116","tidal_id":"f7782d1e-79b5-597d-9ead-6d3a84b98dc3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4428d95a-3620-47b8-bdce-a54c80a41195","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"bf5a081a-0f76-4c6e-b0b6-96d98ddeaded","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"321d9b6e-e27f-4518-8774-25ad074ff1fd","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"1c3c66c7-52c7-4f5a-bbd5-d0b7dafad49d","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"adbcb07a-726c-4eb6-aa03-ad0b723fb442","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"feac7621-2962-402c-8b3c-b7f0d70542d8","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"846b3762-3949-4501-b781-6dca22db088f","name":"Unknown Logger","type":"malware","source":"MITRE","software_attack_id":"S0130","tidal_id":"ea519615-dfd4-5bd5-a9f6-042dbe667811","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Forcepoint Monsoon](https://app.tidalcyber.com/references/ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e)]","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"456fb5b3-76e5-47f4-b964-09d68adb889e","name":"Unregmp2","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3291","tidal_id":"7016a7d2-7a75-51f1-8e29-cd15c3f7c6f7","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0ea54431-cad2-4f16-939c-d7c5c046fcf9","name":"Unregmp2.exe","description":"[[Unregmp2.exe - LOLBAS Project](/references/9ad11187-bf91-4205-98c7-c7b981e4ab6f)]","source":"Tidal Cyber","associated_software_id":"824e7a25-83a0-4037-b0b5-af5fa1ed299a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"9d079d92-7f15-4461-ab55-99d9f0d2dbb2","tag":"40f11d0d-09f2-4bd1-bc79-1430464a52a7"},{"id":"882791c7-3aa3-4403-8321-05684a8ba244","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"7a13cafc-f240-462d-88db-bcfcb613d0ab","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"487d4c42-12ee-4c90-b284-cca04dadb951","name":"Update","type":"tool","source":"Tidal Cyber","software_attack_id":"S3364","tidal_id":"056aac4f-9baf-554a-9507-2babdddac2bb","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a6f0c9e1-738d-4643-84e9-54bf9b379c32","name":"Update.exe","description":"[[Update.exe - LOLBAS Project](/references/2c85d5e5-2cb2-4af7-8c33-8aaac3360706)]","source":"Tidal 
Cyber","associated_software_id":"c24db3d2-308c-4c4e-a6dd-58258013dc7e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"54a75ce9-292f-4a8f-9f6f-d7229031a0f6","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b42ecca4-7406-4d30-8967-ff20891448ff","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a3c211f8-52aa-4bfd-8382-940f2194af28","name":"UPPERCUT","type":"malware","source":"MITRE","software_attack_id":"S0275","tidal_id":"f6a4ad56-b2da-58c3-aef5-2b0e2151f3fa","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5bdab850-14c7-42b5-a5f1-7a50221586c7","name":"ANEL","description":"[[FireEye APT10 Sept 2018](https://app.tidalcyber.com/references/5f122a27-2137-4016-a482-d04106187594)]","source":"MITRE","associated_software_id":"d41b4a6c-7b79-494f-92e3-ea56db4cf988","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye APT10 Sept 2018](https://app.tidalcyber.com/references/5f122a27-2137-4016-a482-d04106187594)]","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d4f729ef-bddc-4c72-911b-00cc124ce139","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ce0e1ace-5cd7-55ab-848d-9cd449c7b02c","name":"UPSTYLE","type":"malware","source":"MITRE","software_attack_id":"S1164","tidal_id":"ce0e1ace-5cd7-55ab-848d-9cd449c7b02c","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"222b10cb-4c04-476d-a4b1-10f611b6062c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"10405d32-26a6-419b-9dde-4ac337bfe2f4","name":"UPX","type":"tool","source":"Tidal Cyber","software_attack_id":"S3410","tidal_id":"ec3db898-5c79-5b31-868e-8d09f3724a62","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0a1cb3ff-f158-40c6-bc4e-683e4d7ed553","name":"Ultimate Packer for eXecutables","description":"","source":"Tidal Cyber","associated_software_id":"63b1d133-2db2-4098-a358-1c71bf0ca248","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[NCC Group SafePay March 10 2025](/references/5d63bb19-02d7-47b2-a120-9601ba09d99e)]","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8a0a9e9b-72ea-446a-b894-dee54076f456","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"5868955b-e04e-4256-b969-2d3aa161470e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b542d487-bbf9-4a69-9c1d-403ca2fa2414","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e974f698-1288-4b67-b31b-6a4ea96bd571","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c094b8f7-b81b-4db4-81ce-0593dd5de766","tag":"166581ec-09a6-40b2-abfb-c3f5c733f89f"},{"id":"aeb6c961-00d3-4262-87ff-a4df4fa78be3","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"96e24cc0-f1ce-4595-90c4-5a4976394db8","name":"Url","type":"tool","source":"Tidal Cyber","software_attack_id":"S3321","tidal_id":"80b377c5-b0ff-5673-b725-36295c72a27b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"def4064a-304e-4e84-8456-51fe980ba1f2","name":"Url.dll","description":"[[Url.dll - LOLBAS Project](/references/0c88fb72-6be5-4a01-af1c-553650779253)]","source":"Tidal 
Cyber","associated_software_id":"274b601e-bc26-45b5-9532-3eca488c2c4a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"08ddf9a9-7a55-4d13-b9e2-1537506f7c08","tag":"34505028-b7d8-4da4-8dee-9926f3dbd37a"},{"id":"1b39329d-d1d2-4997-a58c-c8e70aeace5a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2c7c8bb4-9c7d-4eb4-bacd-30a89559088a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"89ffc27c-b81f-473a-87d6-907cacdce61c","name":"Uroburos","type":"malware","source":"MITRE","software_attack_id":"S0022","tidal_id":"5ea01fc1-ec1f-5e47-bb11-0433a7fede7a","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"68853d9e-2716-56bd-8074-b68e83dbb9db","name":"Snake","description":"[[Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023](https://app.tidalcyber.com/references/1931b80a-effb-59ec-acae-c0f17efb8cad)]","source":"MITRE","associated_software_id":"d2f34441-00b4-41a5-aa43-17428b0fea39","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)][[Joint Cybersecurity Advisory AA23-129A Snake Malware May 
2023](https://app.tidalcyber.com/references/1931b80a-effb-59ec-acae-c0f17efb8cad)]","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"755b5158-489e-4185-a407-cf350c5c8483","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":null},{"id":"3e501609-87e4-4c47-bd88-5054be0f1037","name":"Ursnif","type":"malware","source":"MITRE","software_attack_id":"S0386","tidal_id":"d8c4a438-4d4b-5ec1-b943-a84b3bced76a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6c6518e9-f355-4c3f-9fd5-f5220fcd4c28","name":"Gozi-ISFB","description":"[[FireEye Ursnif Nov 2017](https://app.tidalcyber.com/references/32c0b9d2-9f31-4e49-8b3a-c63ff4fffa47)][[ProofPoint Ursnif Aug 2016](https://app.tidalcyber.com/references/4cef8c44-d440-4746-b3e8-c8e4d307273d)]","source":"MITRE","associated_software_id":"18c4205c-8e09-42cb-9caa-0c62560e1977","owner_id":null,"owner_name":null},{"id":"2e12363d-2d3b-4af7-87f3-d4ddf8b81be7","name":"Dreambot","description":"[[NJCCIC Ursnif Sept 2016](https://app.tidalcyber.com/references/d57a2efe-8c98-491e-aecd-e051241a1779)][[ProofPoint Ursnif Aug 2016](https://app.tidalcyber.com/references/4cef8c44-d440-4746-b3e8-c8e4d307273d)]","source":"MITRE","associated_software_id":"788feb5e-d8f2-4f2b-8796-dd66b230213b","owner_id":null,"owner_name":null},{"id":"ce0aa4eb-69c7-4f94-97ac-535bb9c6dc4d","name":"PE_URSNIF","description":"[[TrendMicro Ursnif Mar 2015](https://app.tidalcyber.com/references/d02287df-9d93-4cbe-8e59-8f4ef3debc65)]","source":"MITRE","associated_software_id":"0a7f6b16-335e-4e61-8c7d-75d08144eae4","owner_id":null,"owner_name":null}],"groups":[{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware 
Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Proofpoint Ransomware Initial Access June 2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)]","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Proofpoint TA547 April 10 2024](/references/c1fab1dd-bec1-4637-9d50-8317247dc82b)]","group_attack_id":"G3059","group_id":"ac3426c4-6d7e-4e99-9546-266fb7fd8c44","name":"TA547","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Cybereason Valak May 2020](https://app.tidalcyber.com/references/235d1cf1-2413-4620-96cf-083d348410c2)][[Unit 42 Valak July 2020](https://app.tidalcyber.com/references/9a96da13-5795-49bc-ab82-dfd4f964d9d0)][[Unit 42 TA551 Jan 2021](https://app.tidalcyber.com/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)][[Secureworks GOLD 
CABIN](https://app.tidalcyber.com/references/778babec-e7d3-4341-9e33-aab361f2b98a)]","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"64134a38-e6f2-432c-8f57-8ae6ee0572c5","tag":"88f27876-7be0-413b-8d91-5fa031d469fb"},{"id":"4d68445c-c815-4b80-8d7e-66e21da7263a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"3de710a4-03cf-4831-bc44-a3dc73919450","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"0403e846-6dfb-4fc4-880e-0598d5b2f390","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"26d93db8-dbc3-44b5-a393-2b219cef4f5b","name":"USBferry","type":"malware","source":"MITRE","software_attack_id":"S0452","tidal_id":"c3eba204-19a2-5fa9-8022-d213940a432d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro Tropic Trooper May 2020](https://app.tidalcyber.com/references/4fbc1df0-f174-4461-817d-0baf6e947ba1)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"50eab018-8d52-46f5-8252-95942c2c0a89","name":"USBStealer","type":"malware","source":"MITRE","software_attack_id":"S0136","tidal_id":"b12d4ef4-41fc-5921-9f9c-d3ecfe8a903c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a3064aee-d2e6-4c11-a0c3-e3e8588b436d","name":"USB Stealer","description":"","source":"MITRE","associated_software_id":"4f016c90-30ea-44b2-8c22-10d2fe2c6954","owner_id":null,"owner_name":null},{"id":"5efe4dbe-c07b-4038-9ca8-259b274cd0f9","name":"Win32/USBStealer","description":"","source":"MITRE","associated_software_id":"2fbb693a-533b-4afb-91da-7e62ce0b3840","owner_id":null,"owner_name":null}],"groups":[{"description":"[[ESET Sednit Part 
3](https://app.tidalcyber.com/references/7c2be444-a947-49bc-b5f6-8f6bec870c6a)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ef4be4a2-b7e6-4e69-b39f-9f58a8e68143","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"50a57a6f-6597-42d1-b686-7003c631ddb0","name":"UtilityFunctions","type":"tool","source":"Tidal Cyber","software_attack_id":"S3383","tidal_id":"60fd13d3-6f00-5617-b113-cd08da3b3436","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"eb7bd1eb-baf2-4be4-8227-b7036140124e","name":"UtilityFunctions.ps1","description":"[[UtilityFunctions.ps1 - LOLBAS Project](/references/8f15755b-2e32-420e-8463-497e3f8d8cfd)]","source":"Tidal Cyber","associated_software_id":"8ef743a4-8788-4bb2-8274-499f4c4f9392","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4a9519a9-c5f6-435f-887b-1cdec54958b2","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a7e94d44-4681-47d3-b76f-e91f473284c7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b149f12f-3cf4-4547-841d-c63b7677547d","name":"Valak","type":"malware","source":"MITRE","software_attack_id":"S0476","tidal_id":"8b9caa1d-852e-50a1-9b5f-9ce61b061a4a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cybereason Valak May 2020](https://app.tidalcyber.com/references/235d1cf1-2413-4620-96cf-083d348410c2)][[Unit 42 Valak July 2020](https://app.tidalcyber.com/references/9a96da13-5795-49bc-ab82-dfd4f964d9d0)][[Unit 42 TA551 Jan 2021](https://app.tidalcyber.com/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)][[Secureworks GOLD 
CABIN](https://app.tidalcyber.com/references/778babec-e7d3-4341-9e33-aab361f2b98a)]","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"67f71c18-1748-40ba-9340-61ec4a084b9a","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"63940761-8dea-4362-8795-7bc0653ce1d4","name":"VaporRage","type":"malware","source":"MITRE","software_attack_id":"S0636","tidal_id":"580a45d7-fffb-5f24-8255-ecf06a89e847","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"90afea27-3e4c-49bb-952f-6cd47f45fc34","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"fe116518-cd0c-4b10-8190-4f57208df4e4","name":"Vasport","type":"malware","source":"MITRE","software_attack_id":"S0207","tidal_id":"7b95f268-e2b1-5196-89c8-f4436970dba9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"05e03335-0a5e-48ca-9595-e7f462225036","name":"Vatet Loader","type":"malware","source":"Trellix TIG","software_attack_id":"S3468","tidal_id":"06b7a2dc-6206-5548-9c25-0d8759413025","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold 
Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"25ae056b-aa3d-4bfb-9b53-ba76bce0dad1","name":"vbc","type":"tool","source":"Tidal Cyber","software_attack_id":"S3292","tidal_id":"8f91a477-89da-582c-ab30-54081d1bf77c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"579a54a7-21df-4f94-a7af-43b644fa424d","name":"vbc.exe","description":"[[vbc.exe - LOLBAS Project](/references/25eb4048-ee6d-44ca-a70b-37605028bd3c)]","source":"Tidal Cyber","associated_software_id":"1ad2a3ea-b488-439c-ab34-5cf15df250f3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"44ca1e01-26e2-44d6-ad21-2323e757c36e","tag":"bc6f5172-90af-491e-817d-2eaa522f93af"},{"id":"04b63364-bba2-498c-9453-44ce2f645fcf","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"08673e23-9fc8-4147-bf14-5705aeb7ade6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"150b6079-bb10-48a8-b570-fbe8b0e3287c","name":"VBShower","type":"malware","source":"MITRE","software_attack_id":"S0442","tidal_id":"904f296c-5d27-5d3e-a775-109a6522adfe","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Kaspersky Cloud Atlas August 2019](https://app.tidalcyber.com/references/4c3ae600-0787-4847-b528-ae3e8ff1b5ef)]","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"36c06aee-5574-4094-a579-8ec7c9929040","name":"Veaty","type":"malware","source":"Tidal Cyber","software_attack_id":"S3182","tidal_id":"e5cd2c21-8c32-51c1-92a7-1694cb9ae588","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Check Point 
Research September 11 2024](/references/53320d81-4060-4414-b5b8-21d09362bc44)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e15bfc63-5bd9-4dd6-a09a-4c95c855ea51","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"3b17acce-4f23-41ea-a9ce-d9e0e9cc621d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"3718f2aa-084a-4f7a-b460-f862e58679b3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bee4788c-4d18-443a-8fa8-73aac5a10390","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cff14334-5e0f-48bb-85ed-61f705a83aa5","name":"Veeam Credential Recovery","type":"tool","source":"Trellix TIG","software_attack_id":"S3439","tidal_id":"5edff116-947d-5d14-a618-85ff5ef550b2","platforms":[],"associated_software":[{"id":"5964b883-78aa-4010-8657-b3c4cc1ca950","name":"Veeam Get Creds","description":"","source":"Trellix TIG","associated_software_id":"ff6b3625-d922-49bd-a8c3-d5d2422ba9d7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"19d3b579-6e37-402f-a131-453876caf90a","name":"Veeam-Get-Creds.ps1","description":"","source":"Trellix TIG","associated_software_id":"895db12c-adce-4632-b013-44eba7d2a6b9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"87107499-347d-4cb4-a2ec-bd6e4c42581a","name":"VenomRAT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3455","tidal_id":"73f367c6-e924-58bb-be66-03a1f5d0c529","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e1e9f55d-26af-467a-b607-694859e6317a","name":"Venom RAT","description":"","source":"Tidal Cyber","associated_software_id":"0f22cf97-6a7f-447e-b833-48d6373c6ce7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"aa790a69-5c4f-4641-b4d2-ca26777212db","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"148683ed-ffe6-465b-a605-3e6252a682ea","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ed840ca0-db02-4882-a004-72028437e8f3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2f33ae13-8ab2-4ec1-8358-c81218c1f3a5","name":"Venus Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3014","tidal_id":"0bf3af74-5790-55a3-bc01-10fc0e7d3807","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"2e7e2c63-4127-4b1a-bd02-5d352687d930","tag":"537bb659-7c9b-4354-b1da-03989ce412c8"},{"id":"bfbb4cc5-79cb-4933-9235-1c0bafee712d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7e78530c-8dc5-4a01-b755-2cb3c0b07944","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"5eba0dba-b1cc-47b5-9c1a-1a29ac8959fb","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"78282586-5931-4eb6-97b0-aaaabe108aa1","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"e1e577a8-dc6b-4350-9a17-6c6304bb997b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"56dc0bea-bdfb-4731-b6c0-425fb7f9bf4d","name":"Verclsid","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3293","tidal_id":"2f3c3ed6-9491-5bf5-a9c2-d4b40e9aee79","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"01e581f1-e88b-48fe-8097-48bc5ab220cf","name":"Verclsid.exe","description":"[[LOLBAS Verclsid](/references/63ac9e95-aad8-4735-9e63-f45d8c499030)]","source":"Tidal Cyber","associated_software_id":"36aff35e-5b1e-4d4c-8690-492221812efd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"212ad184-3257-48cd-bdcf-e480a4f730a7","tag":"4e91036d-809b-4eae-8a09-86bdc6cd1f0e"},{"id":"b047ce77-02f0-4a29-ae3c-1f238870949c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6591263b-031e-42d2-bdc1-c779229d4ef6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"afa4023f-aa2e-45d6-bb3c-38e61f876eac","name":"VERMIN","type":"malware","source":"MITRE","software_attack_id":"S0257","tidal_id":"c723e3a9-276a-5b95-b48a-85b7403922a0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ea857bb3-408e-566f-a693-96d9dc4f3c90","name":"VersaMem","type":"malware","source":"MITRE","software_attack_id":"S1154","tidal_id":"ea857bb3-408e-566f-a693-96d9dc4f3c90","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"[VersaMem](https://app.tidalcyber.com/software/ea857bb3-408e-566f-a693-96d9dc4f3c90) was used by [Volt Typhoon](https://app.tidalcyber.com/groups/4ea1245f-3f35-5168-bd10-1fc49142fd4e) as part of [Versa Director Zero Day Exploitation](https://app.tidalcyber.com/campaigns/e28a09b7-885f-5556-b56e-7ad3e0581ac0).[[Lumen Versa 2024](https://app.tidalcyber.com/references/1d7f40f7-76e6-5ba2-8561-17f3646cf407)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt 
Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d56d7a2a-5062-45b6-8fec-08a393d4041c","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"ced8364c-e0e2-429a-a029-300fa2f0d5be","name":"Vidar Stealer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3096","tidal_id":"784e5af5-e6ce-52db-9754-5537346dca4a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8403eece-9ac6-484b-8f3a-b530d6837ae1","tag":"26028765-3b6d-419c-92b5-5fbe345a26d1"},{"id":"11df2e49-0be5-4e6a-a485-c0b8c2bb2bf4","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"52bb8ae8-c49f-4f5b-a5e9-620c2b7fc76b","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"af84d383-5c7e-407b-aa54-0f8f24513027","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"beff5fb3-b566-4132-85dd-eee43a6b0539","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"58926fd0-4662-4ea9-afd5-aab2536bc95b","name":"VIRTUALGATE (Windows)","type":"malware","source":"Trellix TIG","software_attack_id":"S3412","tidal_id":"dedd49f4-75c9-5662-8c48-8ad5be7bf876","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"3a67d17e-bada-4f6b-a27c-8e2bb904e686","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"3d9096c4-28ba-41fc-8e3f-71a42c2344cc","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"387f15a5-bac0-4c42-8cd3-025202e923da","name":"VIRTUALPEER","type":"malware","source":"Trellix TIG","software_attack_id":"S3452","tidal_id":"9de5e442-55b5-5d65-af28-a3711541e212","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"f835211e-1e40-4c56-be77-213db34045eb","name":"VIRTUALPIE (VMware ESXi)","type":"malware","source":"Trellix TIG","software_attack_id":"S3444","tidal_id":"d0763a59-f160-517a-8b86-7b1ec46c7f8c","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"91d90d5e-7b02-47b3-b225-ebf5d6971fa4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"f30de842-03bc-4ddf-93d6-3638c477c7dd","name":"VIRTUALPITA (LINUX)","type":"malware","source":"Trellix TIG","software_attack_id":"S3424","tidal_id":"8e2c6b54-1bff-59a0-9f00-ec9a8fdfbc5f","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"bc23c9a3-fe20-4870-927c-aa916d833859","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"b7470464-1dc9-438c-ac0f-da2c39d84fca","name":"VIRTUALPITA (VMware 
ESXi)","type":"malware","source":"Trellix TIG","software_attack_id":"S3394","tidal_id":"b2d3780b-0a95-5c90-9457-57666a9c34e2","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"96c74f69-e850-4b3c-84e0-e751def68f14","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"04bf30d7-583b-4235-aad0-b58cbbb69888","name":"VIRTUALSHINE","type":"malware","source":"Trellix TIG","software_attack_id":"S3408","tidal_id":"71b25ef7-4597-56ba-803e-23493a26b7ef","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"cd0190ee-2af6-4bc9-8e2d-c2ab533b2427","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"8e231a5b-98a4-4fea-9219-7c616ac87e4c","name":"VIRTUALSPHERE","type":"malware","source":"Trellix TIG","software_attack_id":"S3387","tidal_id":"798458c2-0ab9-53bc-89a0-46dd729f8447","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"66704b02-4569-48b6-adf4-573cc52b320f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"f8ffea4b-f25c-4b27-8e44-0d1ecc00b8ac","name":"Visio","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3482","tidal_id":"5fbe8bb6-edcb-5eb3-a5a8-5f808929884d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"80630d13-9e61-4ab5-9809-4878b497e12c","name":"Visio.exe","description":"[[Visio.exe - LOLBAS Project](/references/e92c169e-2096-4b07-b0d1-06492ab61019)]","source":"Tidal Cyber","associated_software_id":"faa2ed35-96df-4ad1-83e7-78c3dc028bc5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c6015d02-5835-4c26-9d47-1c1c3c2c2a39","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"0143bcd1-eb47-4593-80ef-fb00e4470d32","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"acfbcd12-25fd-41cd-83ef-c7af7cb59fff","name":"VisualUiaVerifyNative","type":"tool","source":"Tidal Cyber","software_attack_id":"S3367","tidal_id":"db83e183-2b99-56ca-ba9c-2e5f10770d02","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1badddfb-7780-46c4-b1b7-68d1083b7a3c","name":"VisualUiaVerifyNative.exe","description":"[[VisualUiaVerifyNative.exe - LOLBAS Project](/references/b17be296-15ad-468f-8157-8cb4093b2e97)]","source":"Tidal Cyber","associated_software_id":"a11ae9f6-5229-48cb-9350-fcabf73be98e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c900aa89-a139-4ca0-b00c-998c3d04194b","tag":"5e096dac-47b7-4657-a57b-752ef7da0263"},{"id":"0545fa16-1628-4012-8737-c5785c351802","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"75ad1f9f-5735-49af-b265-984b0769fda1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9497591e-38fd-46c4-b31c-5572834870ff","name":"VMware Tools","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3451","tidal_id":"32d61b0b-da73-5d79-aec4-2f12f4371f0a","platforms":[],"associated_software":[{"id":"cb231a91-241d-4ecf-aa14-a7bc0d98c463","name":"vmtools","description":"","source":"Trellix TIG","associated_software_id":"9c101c0e-5c43-4a28-bcf2-87eb18276522","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"736458bb-0e00-419d-83ca-1a76d9914e9c","name":"vmtoolsd","description":"","source":"Trellix TIG","associated_software_id":"941c01e2-99fb-486d-b9cc-dcc2eb737875","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"8400311a-ecd1-4278-8b47-730f6980c190","name":"vmtoolsd.exe","description":"","source":"Trellix TIG","associated_software_id":"25cc24ce-cab9-479d-9479-c64b273133ad","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"4a22b00e-e8b7-47ca-a1da-9d390231fe65","name":"VMware vCenter","type":"tool","source":"Trellix TIG","software_attack_id":"S3413","tidal_id":"a0c7844a-7848-55eb-be3b-e0319e822c23","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"e1dcbb6c-00ef-46f1-9da2-44b43b533256","name":"Voldemort","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3163","tidal_id":"685fb050-c56c-5aef-8e66-1b14c950fa76","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"2c83e73d-75db-4518-ba04-f9651c0b9610","tag":"fe28cf32-a15c-44cf-892c-faa0360d6109"},{"id":"c8ac1082-4de9-4c17-929a-7f13653e3272","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"13cb210b-90f4-4a9f-91a6-7368daa11f5c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"c2fc003d-d237-49f7-91cc-117eef62858c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"13996ef9-41af-4f5d-88f6-8689362ea623","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7fcfba45-5752-4f0c-8023-db67729ae34e","name":"Volgmer","type":"malware","source":"MITRE","software_attack_id":"S0180","tidal_id":"8f56d5f9-b56d-591b-a47f-fa08a93bc4d1","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[US-CERT Volgmer Nov 2017](https://app.tidalcyber.com/references/c48c7ac0-8d55-4b62-9606-a9ce420459b6)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b2ea039c-3cd4-54f4-a46f-9ee79fe6350b","name":"VPNFilter","type":"malware","source":"MITRE","software_attack_id":"S1010","tidal_id":"b2ea039c-3cd4-54f4-a46f-9ee79fe6350b","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[VPNFilter](https://app.tidalcyber.com/software/b2ea039c-3cd4-54f4-a46f-9ee79fe6350b) is associated with [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) operations based on reporting on [VPNFilter](https://app.tidalcyber.com/software/b2ea039c-3cd4-54f4-a46f-9ee79fe6350b) replacement software, [Cyclops 
Blink](https://app.tidalcyber.com/software/68792756-7dbf-41fd-8d48-ac3cc2b52712).[[NCSC CISA Cyclops Blink Advisory February 2022](https://app.tidalcyber.com/references/bee6cf85-5cb9-4000-b82e-9e15aebfbece)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"61daa3bf-c873-4a9a-8bba-406e67338692","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"0d883a53-ba6f-4cb8-baba-a2434b742563","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"fca6d378-bbe6-4418-b238-6a9a63aaabba","name":"VSDiagnostics","type":"tool","source":"Tidal Cyber","software_attack_id":"S3365","tidal_id":"511af122-214c-5b31-9896-0a575c902a5d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e9e3d073-b934-4df2-a787-eb98080fbb01","name":"VSDiagnostics.exe","description":"[[VSDiagnostics.exe - LOLBAS Project](/references/b4658fc0-af16-45b1-8403-a9676760a36a)]","source":"Tidal Cyber","associated_software_id":"17acae5f-d999-4a97-8cb1-546118e65b3b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"2fb615bf-5cfc-4ce3-baf9-5a2151b21a56","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"40359841-1b6b-4add-a9ef-b4d2feb75bfa","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f39988b4-acf7-4d56-a7e5-8e8fa0b8ccc2","name":"Vshadow","type":"tool","source":"Tidal Cyber","software_attack_id":"S3368","tidal_id":"95fef600-727c-572f-9594-95d3d44fd5ec","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3a585bce-7110-400e-bfcb-ed7b48ca3b1f","name":"Vshadow.exe","description":"[[Vshadow.exe - LOLBAS Project](/references/ae3b1e26-d7d7-4049-b4a7-80cd2b149b7c)]","source":"Tidal 
Cyber","associated_software_id":"012ea77d-0d1e-420f-8648-e4872647ea7b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"252d3a2b-261b-498b-a28a-a00358d6c9bf","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ee05557d-a772-426b-8548-3ed4a0fa83f8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2517da5a-11b1-4f77-b488-c096173b1b50","name":"VSIISExeLauncher","type":"tool","source":"Tidal Cyber","software_attack_id":"S3366","tidal_id":"cf61652f-75e3-5b5e-8c8d-179340bb614a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ae3a2848-93c9-455d-8937-c1c40b8312d3","name":"VSIISExeLauncher.exe","description":"[[VSIISExeLauncher.exe - LOLBAS Project](/references/e2fda344-77b8-4650-a7da-1e422db6d3a1)]","source":"Tidal Cyber","associated_software_id":"8b5cb79f-747e-48a5-8946-873ae62a5e0a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0153f9c2-a46a-4033-ac57-14f3c95a427e","tag":"0bf195a2-c577-4317-973e-a72dde5a06e6"},{"id":"70a73843-e175-46c7-b3a6-da8e82db5d29","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2fcbfcb3-29fe-4c94-85a8-51aadb26a4ac","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"34ba500e-c37c-45ec-abf4-16e2f76d82c8","name":"vsjitdebugger","type":"tool","source":"Tidal Cyber","software_attack_id":"S3369","tidal_id":"ac135f3a-167d-5a9e-a542-d1f6bd5021b8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d3b7d227-e39a-498b-8a01-2224bdcbdb9e","name":"vsjitdebugger.exe","description":"[[vsjitdebugger.exe - LOLBAS Project](/references/94a880fa-70b0-46c3-997e-b22dc9180134)]","source":"Tidal 
Cyber","associated_software_id":"bf3acc6a-9193-48fc-b4bb-5cca12bfa006","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5f015ea8-b30d-4ace-83ca-748febcf486e","tag":"71bc284c-bfce-4191-80e0-ef70ff4315bf"},{"id":"609d0d34-21b6-4eec-9a17-55d93180d656","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"fd41b5ea-3352-4372-a49d-172671c0fc4b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"36462805-2b63-4619-9104-4401138c8def","name":"VSLaunchBrowser","type":"tool","source":"Tidal Cyber","software_attack_id":"S3483","tidal_id":"fed6f8e9-c2a8-5aff-a4c8-9e05bc454eb9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"05c0f005-d7c6-4e91-8153-23224d7a13a1","name":"VSLaunchBrowser.exe","description":"[[VSLaunchBrowser.exe - LOLBAS Project](/references/d88f1249-6a39-496c-afc8-8032457740e8)]","source":"Tidal Cyber","associated_software_id":"62430681-6185-4a6b-9af4-8a0f95e028e3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"218c02c6-e5bb-46f5-8e2d-9053d1b53258","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8ef701f2-3780-4de9-bef1-9158963dbe54","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"99f752db-12c4-45a7-9f7b-f4fcda033462","name":"vsls-agent","type":"tool","source":"Tidal Cyber","software_attack_id":"S3374","tidal_id":"c830fd64-3f30-55a0-a0ae-abc8526f0557","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"48f4e3f9-644b-4253-806a-a1a0d5977172","name":"vsls-agent.exe","description":"[[vsls-agent.exe - LOLBAS Project](/references/325eab54-bcdd-4a12-ab41-aaf06a0405e9)]","source":"Tidal 
Cyber","associated_software_id":"f4a64cb4-78af-4343-8d36-1c2e63b943ee","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4c3b58b3-745d-49f7-825b-f417201205fc","tag":"375cb8ad-2b6a-49b7-8eb3-757aaaf72d8b"},{"id":"bc47f628-5887-49af-8b1e-734248375784","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6ba0c365-e9e4-4071-9a97-caab660b5a1a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"cb8f33c5-0c0c-4e9b-bc7e-565a55ccaae4","name":"Vssadmin","type":"tool","source":"Tidal Cyber","software_attack_id":"S3517","tidal_id":"2bf34126-2192-5622-8e86-e6419467eef5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a056fb7b-ebe6-42e3-a870-a2abceb7437c","name":"vssadmin.exe","description":"","source":"Tidal Cyber","associated_software_id":"ab53bc4e-bde2-4a36-af80-8b92736b01c8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"a3ebc075-c87b-4400-9498-09bb95d47231","name":"VSS Copying Tool (Play Ransomware)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3063","tidal_id":"b44ea169-a9e1-5846-a16d-535d366acbca","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Play Ransomware April 19 2023](/references/a78613a5-ce17-4d11-8f2f-3e642cd7673c)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"966d8c92-7874-4f8a-b7ab-9d58a69fc026","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"85761789-1dc0-4454-aaef-b88ce0bb6f17","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"f5202d33-b023-4afe-b916-812b47e94577","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"dfbe173f-5c36-4596-aefb-7ccf504e03c8","name":"vstest.console","type":"tool","source":"Tidal Cyber","software_attack_id":"S3375","tidal_id":"5152253b-0d83-51c7-9eff-043cb79b5dad","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"247c9452-e8dc-41df-89de-e5617c1272d6","name":"vstest.console.exe","description":"[[vstest.console.exe - LOLBAS Project](/references/70c168a0-9ddf-408d-ba29-885c0c5c936a)]","source":"Tidal Cyber","associated_software_id":"eda03dc8-1816-4701-868f-c3c73ec62384","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"f2d14b26-2b23-4aaa-a50f-ddb53ff21c9f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"74106824-ea86-4b32-b836-9497fd33b93b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6cbd62e8-9024-42d7-93d5-6b8b3409425b","name":"Wab","type":"tool","source":"Tidal Cyber","software_attack_id":"S3294","tidal_id":"6c24feeb-a3ef-5f03-9174-ea86eca401c2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9672c2e5-1792-4bb8-a16c-6669ee5f99b1","name":"Wab.exe","description":"[[Wab.exe - LOLBAS Project](/references/c432556e-c7f9-4e36-af7e-d7bea6f51e95)]","source":"Tidal 
Cyber","associated_software_id":"5de40634-9b96-422d-98e0-db9fe0dad5fb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dd220172-ca5e-4901-8868-805743f5d9da","tag":"a53c9f4b-6f0d-4afa-b1ac-8e2d91279210"},{"id":"d46b783e-f9d3-4885-854a-38225104ef91","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"10f1447b-1fde-4389-9775-0eb89711f8f7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6e7d1bcf-a308-4861-8aa5-0f4c6f126b0a","name":"WannaCry","type":"malware","source":"MITRE","software_attack_id":"S0366","tidal_id":"353ab859-db19-5b86-98f8-2ea594261a76","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b142f212-46e9-4623-a5af-9fb8a80696cc","name":"WanaCrypt","description":"[[SecureWorks WannaCry Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]","source":"MITRE","associated_software_id":"a4d2e9a7-b785-4385-b85e-51ea8f048de2","owner_id":null,"owner_name":null},{"id":"cff39ad6-363d-44f4-8478-77fdf3b35a26","name":"WanaCrypt0r","description":"[[LogRhythm WannaCry](https://app.tidalcyber.com/references/305d0742-154a-44af-8686-c6d8bd7f8636)]","source":"MITRE","associated_software_id":"6d001330-b6ae-4e34-bd64-f1832b53047a","owner_id":null,"owner_name":null},{"id":"e46b3a86-4e74-4485-a8f8-68b28086155a","name":"WCry","description":"[[LogRhythm WannaCry](https://app.tidalcyber.com/references/305d0742-154a-44af-8686-c6d8bd7f8636)][[SecureWorks WannaCry Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]","source":"MITRE","associated_software_id":"16059e86-c89f-40de-a3e7-cee9f210228c","owner_id":null,"owner_name":null},{"id":"c4167a40-dfc1-4ecb-96bc-51ef86a92438","name":"WanaCry","description":"[[SecureWorks WannaCry 
Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]","source":"MITRE","associated_software_id":"a0cee897-ba88-4c1b-a1c6-f811baf608cc","owner_id":null,"owner_name":null}],"groups":[{"description":"[[FireEye APT38 Oct 2018](https://app.tidalcyber.com/references/7c916329-af56-4723-820c-ef932a6e3409)][[LogRhythm WannaCry](https://app.tidalcyber.com/references/305d0742-154a-44af-8686-c6d8bd7f8636)][[FireEye WannaCry 2017](https://app.tidalcyber.com/references/34b15fe1-c550-4150-87bc-ac9662547247)][[SecureWorks WannaCry Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bdd67e32-6027-484d-a9c9-7320a8aa28b1","tag":"88cd6603-5b4e-4d0c-9097-051d3a90cb80"},{"id":"f3fcc2ff-0170-498e-83be-585f2946f317","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"c8f281c7-588c-4d42-943c-4201fc0b7a80","tag":"45795633-a32b-4d9e-8620-4044ac056647"},{"id":"ec874282-7f5e-46dc-87dc-aa00c0432af1","tag":"09de661e-60c4-43fb-bfef-df017215d1d8"},{"id":"577147e0-cc3b-4383-ab51-ec773266ac4a","tag":"5a463cb3-451d-47f7-93e4-1886150697ce"},{"id":"c42b7af1-1de9-46c9-8a36-7ae97c0bff5c","tag":"c2380542-36f2-4922-9ed2-80ced06645c9"},{"id":"260047ae-dea9-42b8-ae15-d502224ac286","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"cdb1eb02-e209-4dcf-8605-ec0073150d20","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"89fa96ef-c559-4876-bcb1-5ff7cea02330","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"f49e4c24-9ce5-4f69-bca7-1851578a1656","name":"Warlock Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3512","tidal_id":"c959281b-0274-5ec7-b6af-e7786ac85d12","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog July 22 
2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"89e2ec9a-1b22-4a9d-8454-29642e67a93f","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"ec02aec2-a63e-421f-820d-7863e2b3ef7c","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"ba8af00f-6ec0-41f7-9c6e-599836bf9d5e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ae759e5f-2216-4004-a2b2-7166f5793729","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9a592b49-1701-5e4c-95cf-9b8c98b80527","name":"WARPWIRE","type":"malware","source":"MITRE","software_attack_id":"S1116","tidal_id":"efbdd0d8-8b8d-5634-aa77-5521c41ffe8c","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"cfebe868-15cb-4be5-b7ed-38b52f2a0722","name":"WarzoneRAT","type":"malware","source":"MITRE","software_attack_id":"S0670","tidal_id":"b8fb7673-c74b-51ec-a003-d3e5258e54de","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b8f67b24-f8ef-4695-bca1-46e2681029f7","name":"Ave Maria","description":"[[Check Point Warzone Feb 2020](https://app.tidalcyber.com/references/c214c36e-2bc7-4b98-a74e-529aae99f9cf)][[Uptycs Warzone UAC Bypass November 
2020](https://app.tidalcyber.com/references/1324b314-a4d9-43e7-81d6-70b6917fe527)]","source":"MITRE","associated_software_id":"50fda745-505f-47ca-b141-0ed2a48e5bfe","owner_id":null,"owner_name":null},{"id":"d2a4f820-7771-4bce-8968-0f0a4a35e33d","name":"Warzone","description":"","source":"MITRE","associated_software_id":"d68a20f3-9abb-4c63-9df4-cb73bf291473","owner_id":null,"owner_name":null}],"groups":[{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) has utilized [WarzoneRAT](https://app.tidalcyber.com/software/cfebe868-15cb-4be5-b7ed-38b52f2a0722) to remotely access a compromised system.[[CISA Scattered Spider Advisory November 2023](https://app.tidalcyber.com/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Splunk October 18 2022](/references/78bccfce-ac5c-4413-9f6b-3be2762d7882)]","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Check Point Warzone Feb 2020](https://app.tidalcyber.com/references/c214c36e-2bc7-4b98-a74e-529aae99f9cf)][[Uptycs Confucius APT Jan 2021](https://app.tidalcyber.com/references/d74f2c25-cd53-4587-b087-7ba0b8427dc4)]","group_attack_id":"G0142","group_id":"d0f29889-7a9c-44d8-abdc-480b371f7b2b","name":"Confucius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5b919914-2f98-4823-969c-38f5bb6b867a","tag":"b10ffa34-c6ef-4473-b951-9a05dacf68b5"},{"id":"9c8b793e-8b0d-4f30-84a4-0d0facbe7166","tag":"15787198-6c8b-4f79-bf50-258d55072fee"}],"owner_name":null},{"id":"0ba6ee8d-2b29-4980-8e55-348ea05f00ad","name":"WastedLocker","type":"malware","source":"MITRE","software_attack_id":"S0612","tidal_id":"f9db1b4a-9649-5df2-9733-a438081072f3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[NCC Group WastedLocker June 2020](https://app.tidalcyber.com/references/1520f2e5-2689-428f-9ee4-05e153a52381)][[Crowdstrike EvilCorp March 2021](https://app.tidalcyber.com/references/4b77d313-ef3c-4d2f-bfde-609fa59a8f55)][[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)][[SentinelOne SocGholish Infrastructure November 
2022](https://app.tidalcyber.com/references/8a26eeb6-6f80-58f1-b773-b38835c6781d)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"26823d80-dfbe-4e20-9bc8-3e69157d8687","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"a56a7abe-aa6e-4fcd-8d0c-32cc6a069ee3","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"a64011ad-38b0-413e-8a8a-dcab9aa36d18","name":"WatchDog","type":"tool","source":"Trellix TIG","software_attack_id":"S3456","tidal_id":"4cdcfb2c-dfff-55b8-9230-f1ba9979b2e9","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"56872a5b-dc01-455c-85d5-06c577abb030","name":"Waterbear","type":"malware","source":"MITRE","software_attack_id":"S0579","tidal_id":"24630d9a-0dbc-5367-8bd2-096c5e595837","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Trend Micro Waterbear December 2019](https://app.tidalcyber.com/references/bf320133-3823-4232-b7d2-d07da9bbccc2)]","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"053878a5-6fb3-4e66-9d40-6d61bd34f886","name":"wbadmin","type":"tool","source":"Trellix TIG","software_attack_id":"S3437","tidal_id":"bf6c8f51-f317-572d-b4e6-4ea72ce84bd0","platforms":[],"associated_software":[{"id":"c5870b19-7688-44f7-b47b-693bd736df43","name":"wbadmin.exe","description":"","source":"Trellix 
TIG","associated_software_id":"30731176-941a-4d88-a7e9-2fabf95c95c7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)][[The DFIR Report Bumblebee Akira July 2 2025](/references/22cd30b9-fde9-4383-8106-1a506afa3c02)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"f33f267d-adf2-43ab-b664-b4f85c386243","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5692146d-cd3c-4001-a7f9-b3b6f7a259dd","name":"wbemtest","type":"tool","source":"Tidal Cyber","software_attack_id":"S3478","tidal_id":"673e3f11-ce64-53d2-a496-5f1795e1a6e2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1567284f-a5bb-48c6-85ca-5c14d9a75c28","name":"wbemtest.exe","description":"[[wbemtest.exe - LOLBAS Project](/references/6622b44f-7065-4572-a40c-2ad5293c305e)]","source":"Tidal 
Cyber","associated_software_id":"18960943-71bc-449e-94f9-52d000136c56","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c0a923da-e252-4f31-809f-d6bf770c1954","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"067a49b9-1a0e-443d-830e-36de34f2da6d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f228af8f-8938-4836-9461-c6ca220ed7c5","name":"WEBC2","type":"malware","source":"MITRE","software_attack_id":"S0109","tidal_id":"4c0b41a7-df43-5bfa-ae80-ae46407ac16e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2e95ad1f-fc35-40b3-af68-ff8c0e8b6c2d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"b936a1b3-5493-4d6c-9b69-29addeace418","name":"WellMail","type":"malware","source":"MITRE","software_attack_id":"S0515","tidal_id":"7bbc3b08-6d6d-5265-b7f6-70e5f8e05051","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[CISA WellMail July 2020](https://app.tidalcyber.com/references/2f33b88a-a8dd-445b-a34f-e356b94bed35)][[NCSC APT29 July 2020](https://app.tidalcyber.com/references/28da86a6-4ca1-4bb4-a401-d4aa469c0034)][[Cybersecurity Advisory SVR TTP May 
2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6a467166-8cd6-4f0e-a1d8-715b5ec0e8ac","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"20725ec7-ee35-44cf-bed6-91158aa03ce4","name":"WellMess","type":"malware","source":"MITRE","software_attack_id":"S0514","tidal_id":"0a4acc83-939a-5209-b220-d37113d07ae9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[PWC WellMess July 2020](https://app.tidalcyber.com/references/22794e37-3c55-444a-b659-e5a1a6bc2da0)][[PWC WellMess C2 August 2020](https://app.tidalcyber.com/references/3afca6f1-680a-46ae-8cea-10b6b870d5e7)][[CISA WellMess July 2020](https://app.tidalcyber.com/references/40e9eda2-51a2-4fd8-b0b1-7d2c6deca820)][[NCSC APT29 July 2020](https://app.tidalcyber.com/references/28da86a6-4ca1-4bb4-a401-d4aa469c0034)][[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)]","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4b1bb834-19be-41b8-8012-05908501c59e","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"a20c2bde-b4b0-4dde-afa5-6c224cde933f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"2bcbcea6-192a-4501-aab1-1edde53875fa","name":"Wevtutil","type":"tool","source":"MITRE","software_attack_id":"S0645","tidal_id":"cbc39754-2c9b-5409-a16c-6758ef920708","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Hive November 25 2022](/references/fce322e6-5e23-404a-acf8-cd003f00c79d)]","group_attack_id":"G3041","group_id":"05cd82bb-f8fc-40f3-83ba-1586ef953d05","name":"Hive Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)][[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Aquatic Panda](https://app.tidalcyber.com/groups/b8a349a6-cde1-4d95-b20f-44c62bbfc786) uses [Wevtutil](https://app.tidalcyber.com/software/2bcbcea6-192a-4501-aab1-1edde53875fa) to extract Windows security event log data from victim machines.[[Crowdstrike HuntReport 2022](https://app.tidalcyber.com/references/cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0)]","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Crowdstrike DNC June 2016](https://app.tidalcyber.com/references/7f4edc06-ac67-4d71-b39c-5df9ce521bbb)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Trend Micro Ransomware Spotlight Play July 
2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"8a747309-7d9e-4269-b8b6-2863ca8bd871","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"40c95386-f366-4a0d-b78f-917737c10b1e","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"704187f7-646e-47bb-b045-3aa802b3ba3a","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"8e185c90-dde6-4d69-8e28-a590f12445a2","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"77ba146b-d4dd-469e-9a66-cf693582b9af","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"ab507aac-d49d-48e1-9192-75a30acf7d2b","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"63cd9c41-f580-4863-8900-4f368ec3b1e3","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e7f88c43-d5bb-4bc1-a0cd-3c0d9eef4b52","tag":"5db11c6f-cba4-4865-b993-7a3aafd0f037"},{"id":"9c8c3fae-9255-4729-a9be-b6beba13298d","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"d0d6b899-a061-479a-81eb-dbba43c39ed6","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"eef15f68-7f2c-4397-97b5-bf3df546901a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"001a24f7-0cc8-4dae-9ebd-173e05463102","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"b4f51b33-f171-4e2f-9754-3fe1c12fc98d","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"89b75d17-fd6a-46f3-8631-aba53c30a9ac","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"dc51b14f-991c-4a2c-93b2-abc96455073a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"dadd1243-6a4a-4ce2-9eea-1c530e7510d9","name":"Wfc","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3370","tidal_id":"8a9e8e73-ac55-586f-8c43-a01faa46b445","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9587218f-04bb-436a-b5a1-c7c524195165","name":"Wfc.exe","description":"[[Wfc.exe - LOLBAS Project](/references/a937012a-01c8-457c-8808-47c1753e8781)]","source":"Tidal Cyber","associated_software_id":"eda6736e-ffb9-4ef9-8d1a-38b3848e4ba4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"fa2eafb9-c877-44fe-a86d-503c22d47c8e","tag":"be621f15-1788-490f-b8bb-85511a5a8074"},{"id":"8af0d8f1-bca0-4225-b782-983d0625741b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ab71b0f7-0f07-4bdd-bcde-6b8ca97f59c4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ccf05d5f-398b-4b63-8bd6-07b98894c05b","name":"WFMFormat","type":"tool","source":"Tidal Cyber","software_attack_id":"S3484","tidal_id":"d661711c-0fde-5b20-9505-c7e404fcb7e5","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"69b3aa62-73f0-4d21-bec7-a76c18626a0e","name":"WFMFormat.exe","description":"[[WFMFormat.exe - LOLBAS Project](/references/fa9a472d-d982-4e0c-a68d-1541f1b31b9c)]","source":"Tidal Cyber","associated_software_id":"2a915322-0596-471b-9171-146a6d6b552b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6ec26a82-9384-4dbc-8220-11cba459ac31","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"766467fe-a71b-44bc-b370-e69b05dc30d3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"791f0afd-c2c4-4e23-8aee-1d14462667f5","name":"WhisperGate","type":"malware","source":"MITRE","software_attack_id":"S0689","tidal_id":"e47b6b51-0e6e-5488-b9c1-2b7d03abf946","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Ember 
Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) is associated with [WhisperGate](https://app.tidalcyber.com/software/791f0afd-c2c4-4e23-8aee-1d14462667f5) use against multiple victims in Ukraine.[[Cadet Blizzard emerges as novel threat actor](https://app.tidalcyber.com/references/7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b)][[CrowdStrike Ember Bear Profile March 2022](https://app.tidalcyber.com/references/0639c340-b495-4d91-8418-3069f3fe0df1)][[Mandiant UNC2589 March 2022](https://app.tidalcyber.com/references/63d89139-9dd4-4ed6-bf6e-8cd872c5d034)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5e0d4c9f-2843-46eb-a381-29d5fbb1e751","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"896e82cd-d836-43db-8fad-84cf9b0e7ac4","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d1e06503-2341-4934-a9b2-fe8725f57567","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"1a69e0b0-0dce-4003-aa82-630044d00267","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"b8f2f65d-5344-4c29-9633-c6d8077be116","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"835e9cb3-448e-492b-b2d1-66f2f805443d","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"e64c9cce-40af-4a3c-970a-d33d8198c618","tag":"768c90a8-21b2-403b-8ddc-28181bca7aca"},{"id":"14a89cf9-d78b-49dc-a69a-9d02d9eace55","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"b036dde2-1f6a-403b-8c32-73119fbd9d37","name":"WhiteSnake","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3402","tidal_id":"3accec4b-a823-57b4-baed-285746d27f58","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"969b2cdf-46a1-4309-b573-f3f4f9808451","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"952b0e5a-2c7d-436c-b24c-f1b307c7efbf","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"83d4320e-9a9c-4815-bed1-6d9225837050","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6992ef9a-ddd9-4b96-a18a-416b76356e74","name":"whoami","type":"tool","source":"Trellix TIG","software_attack_id":"S3446","tidal_id":"fa3ed697-7597-5dd0-87f3-048b64ad17a5","platforms":[],"associated_software":[{"id":"e5cf204e-35a5-4f82-8128-17816ea9851f","name":"whoami.exe","description":"","source":"Trellix TIG","associated_software_id":"9fe907fc-bf99-44c2-8b69-b7531ba62f34","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. 
CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"ad483f6c-b2ae-4e14-b04d-3811b120be18","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"758f8d56-9c2b-46b9-9c2c-8fb1ecbed173","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"bdd54cff-5d41-445c-9245-bd1566d44743","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"da61ce72-aee3-4b3d-bad2-df3b51493d22","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9dbf0bb9-7ecc-4512-a288-125690077899","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"17c268f6-6351-4a42-8031-6d5ced54b6b2","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"4643d47a-3396-40dc-bf77-74265647dfdd","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"134db8ff-3da8-48cb-bafa-9185fef383f6","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"36e2dca3-7e5a-4838-9d84-583ad5324d97","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"d6ff9ee9-0468-4280-9c9d-6715f806c0b4","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"ff4e34f9-a37b-4274-ac28-ee4c7373ea78","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"82959d4a-4d1c-432a-8550-91a8fbdd59c5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7b393608-c141-48af-ae3d-3eff13c3e01c","name":"W
iarp","type":"malware","source":"MITRE","software_attack_id":"S0206","tidal_id":"19e009e8-69ff-56da-9663-85a7209a910a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"7c2c44d7-b307-4e13-b181-52352975a6f5","name":"Windows Credential Editor","type":"tool","source":"MITRE","software_attack_id":"S0005","tidal_id":"f7df2573-cdf9-5d29-9a98-4d7076553164","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"740a6325-6027-4b7f-89d4-bbd9c1bf1196","name":"WCE","description":"","source":"MITRE","associated_software_id":"e0f8b025-b8bc-4878-b47e-5ea82fc334c8","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)][[Symantec Tick Apr 2016](https://app.tidalcyber.com/references/3e29cacc-2c05-4f35-8dd1-948f8aee6713)]","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye FIN6 April 2016](https://app.tidalcyber.com/references/8c0997e1-b285-42dd-9492-75065eac8f8b)]","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Dell 
TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)][[Dark Reading APT39 JAN 2019](https://app.tidalcyber.com/references/b310dfa4-f4ee-4a0c-82af-b0fdef1a1f58)]","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[FireEye APT40 March 2019](https://app.tidalcyber.com/references/8a44368f-3348-4817-aca7-81bfaca5ae6d)]","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)][[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"60793f66-3a23-487e-95ea-559edccac6a6","tag":"1d306cbd-9894-4322-a233-b1576b8e25ba"}],"owner_name":null},{"id":"ed50dcf7-e283-451e-95b1-a8485f8dd214","name":"WINDSHIELD","type":"malware","source":"MITRE","software_attack_id":"S0155","tidal_id":"35139901-c478-5cbd-87f4-e7ec4afd9fae","platforms":[],"associated_software":[],"groups":[{"description":"[[FireEye APT32 May 
2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3afe711d-ed58-4c94-a9b6-9c847e1e8a2f","name":"WindTail","type":"malware","source":"MITRE","software_attack_id":"S0466","tidal_id":"2d9c4371-aaad-5847-b441-69aa17ca3a01","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"[[SANS Windshift August 2018](https://app.tidalcyber.com/references/97eac0f2-d528-4f7c-8425-7531eae4fc39)][[objective-see windtail1 dec 2018](https://app.tidalcyber.com/references/7a32c962-8050-45de-8b90-8644be5109d9)][[objective-see windtail2 jan 2019](https://app.tidalcyber.com/references/e6bdc679-ee0c-4f34-b5bc-0d6a26485b36)]","group_attack_id":"G0112","group_id":"4e880d01-313a-4926-8470-78c48824aa82","name":"Windshift","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"5f994df7-55b0-4383-8ebc-506d4987292a","name":"WINERACK","type":"malware","source":"MITRE","software_attack_id":"S0219","tidal_id":"b0af0970-974f-5945-86ed-6b490ef47acd","platforms":[],"associated_software":[],"groups":[{"description":"[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"65d5b524-0e84-417d-9884-e2c501abfacd","name":"Winexe","type":"tool","source":"MITRE","software_attack_id":"S0191","tidal_id":"ad3ecbfa-68b4-52c4-a01c-f57a08bbe088","platforms":[],"associated_software":[],"groups":[{"description":"[[Überwachung APT28 Forfiles June 2015](https://app.tidalcyber.com/references/3b85fff0-88d8-4df6-af0b-66e57492732e)][[Secureworks IRON TWILIGHT Active Measures March 
2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Securelist DarkVishnya Dec 2018](https://app.tidalcyber.com/references/da9ac5a7-c644-45fa-ab96-30ac6bfc9f81)] ","group_attack_id":"G0105","group_id":"d428f9be-6faf-4d57-b677-4a927fea5f7e","name":"DarkVishnya","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[SecureList Silence Nov 2017](https://app.tidalcyber.com/references/004a8877-7e57-48ad-a6ce-b9ad8577cc68)]","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"076a50b9-39c2-4d25-9af3-d14afc7f4320","name":"winfile","type":"tool","source":"Tidal Cyber","software_attack_id":"S3486","tidal_id":"dc313f1d-b885-57c4-9a7d-f5a6cd78dfe6","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fcb99805-aadc-4ff9-bf7d-776448328a45","name":"winfile.exe","description":"[[winfile.exe - LOLBAS Project](/references/78e30416-6c71-44c5-8124-9d047d372474)]","source":"Tidal Cyber","associated_software_id":"9019f47a-a249-4709-9bff-ad601192b07c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c59797a0-c08c-441a-b356-0ef6b23a9fb3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"19a93ebf-0244-46e7-b79c-fde34b77e9dd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3e70078f-407e-4b03-b604-bdc05b372f37","name":"Wingbird","type":"malware","source":"MITRE","software_attack_id":"S0176","tidal_id":"f6659443-e29f-57df-9289-a7e89cf0f0f9","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft NEODYMIUM Dec 
2016](https://app.tidalcyber.com/references/87c9f8e4-f8d1-4f19-86ca-6fd18a33890b)][[Microsoft SIR Vol 21](https://app.tidalcyber.com/references/619b9cf8-7201-45de-9c36-834ccee356a9)]","group_attack_id":"G0055","group_id":"3a660ef3-9954-4252-8946-f903f3f42d0c","name":"NEODYMIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6c4e7a00-0151-490c-8a41-98981d355725","name":"winget","type":"tool","source":"Tidal Cyber","software_attack_id":"S3295","tidal_id":"a38f94cb-9940-57e2-b9b4-fc33c526cb15","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7be8168a-91f9-4ee1-9d12-bc3952fa1d47","name":"winget.exe","description":"[[winget.exe - LOLBAS Project](/references/5ef334f3-fe6f-4cc1-b37d-d147180a8b8d)]","source":"Tidal Cyber","associated_software_id":"d042aa21-d8f6-4cdc-bdd8-b304cbf5b71f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8ef6a2bb-be95-443a-b171-d194b5518b3c","tag":"61f778ca-b2f1-4877-b0f5-fd5e87b6ddab"},{"id":"5b564a78-886b-40b3-ad22-ff86324a19cb","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ec9795c9-bdd8-4678-96db-0c2ec94b85e5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e10423c2-71a7-4878-96ba-343191136c19","name":"WinMM","type":"malware","source":"MITRE","software_attack_id":"S0059","tidal_id":"05740eca-9e0c-5e5d-8581-aaad67bf62f3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Baumgartner Naikon 
2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)][[CameraShy](https://app.tidalcyber.com/references/9942b6a5-6ffb-4a26-9392-6c8bb9954997)]","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e384e711-0796-4cbc-8854-8c3f939faf57","name":"Winnti for Linux","type":"malware","source":"MITRE","software_attack_id":"S0430","tidal_id":"74101c9e-41ec-5ae6-9588-053ce69a6ff4","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Aquatic Panda](https://app.tidalcyber.com/groups/b8a349a6-cde1-4d95-b20f-44c62bbfc786) used [Winnti for Linux](https://app.tidalcyber.com/software/e384e711-0796-4cbc-8854-8c3f939faf57) for access to victim Linux hosts during intrusions[[Crowdstrike HuntReport 2022](https://app.tidalcyber.com/references/cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0)].","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"245c216e-41c3-4dec-8b23-bfc7c6a46d6e","name":"Winnti for 
Windows","type":"malware","source":"MITRE","software_attack_id":"S0141","tidal_id":"7dcad148-92cd-544e-b893-097f61748e31","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Aquatic Panda](https://app.tidalcyber.com/groups/b8a349a6-cde1-4d95-b20f-44c62bbfc786) used [Winnti for Windows](https://app.tidalcyber.com/software/245c216e-41c3-4dec-8b23-bfc7c6a46d6e) for persistent access to Windows victims.[[Crowdstrike HuntReport 2022](https://app.tidalcyber.com/references/cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0)]","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Kaspersky Winnti April 2013](https://app.tidalcyber.com/references/2d4834b9-61c4-478e-919a-317d97cd2c36)][[Kaspersky Winnti June 2015](https://app.tidalcyber.com/references/86504950-0f4f-42bc-b003-24f60ae97c99)]","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d29414d6-f5b4-4a93-bc6e-826d6f30306b","name":"WinProj","type":"tool","source":"Tidal Cyber","software_attack_id":"S3485","tidal_id":"2cacd8c8-8f2b-545c-9e49-97e4ba1fb465","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5b3a3ed6-1d2a-4f3b-a035-710ce2dafb69","name":"WinProj.exe","description":"[[WinProj.exe - LOLBAS Project](/references/d7ceab5b-ae4e-4c68-b5df-df46f1308ec5)]","source":"Tidal 
Cyber","associated_software_id":"77217d6a-4fc4-493b-893f-028ecab61b33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e6a9e5cd-07c7-464c-8ae0-ef1de6cee390","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d540e681-1d1a-4957-9ccd-06cc67063fda","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d9792748-b81a-4d82-a45e-de05c2a23dbf","name":"WinRAR","type":"tool","source":"Tidal Cyber","software_attack_id":"S3105","tidal_id":"50922acf-c1a6-5524-ae53-de07b593b0d0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[huntress.com November 14 2024](/references/0418012c-af7e-47b0-b690-85fd634532e4)]","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sophos Akira May 9 2023](/references/1343b052-b158-4dad-9ed4-9dbb7bb778dd)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[ESET MirrorFace December 14 2022](/references/e1896c15-8f19-43e4-96b0-cfd442966b28)]","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"17de9f8f-ac50-4ff7-8e6f-7b4d0f9169bb","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"02cad956-5397-49e8-853e-019a73f6f4b9","tag":"1dc2830c-99a9-4615-91f2-12c278077959"},{"id":"38c2655e-25e5-4b52-aa74-faf0f71c574f","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"f1ece12f-6f13-4efb-91fc-deb1138488b6","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"edda3978-512f-4eef-a6b8-7be3813d23bb","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"2dbe09bb-2ef6-4cb0-b5ca-76a02b428980","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"41237b62-eef4-48da-87f4-3ff52ae55200","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"0fd756ed-5692-411f-85a7-ff9c9cdb1649","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"0cb94371-1c86-4328-b71a-3b1076a3422d","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"920e665e-559d-40c0-8507-324713d894e8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"16363fad-fdc1-4df3-9264-7442f8791c5a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"93869375-dbc0-458b-a2ac-decc6e83e83d","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d47cafaa-c4a2-4675-9866-b50688d99726","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"f94cb1b6-4809-4073-836c-95c3000588a3","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"41ddf33e-7a1c-4d69-b297-75fa141ee763","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"f1a4af39-4f97-4bf8-a4cf-a83af5fbe27f","tag":"23d0545e-45fa-4f0a-957e-deb923039c80"}],"owner_name":"TidalCyberIan"},{"id":"8807e10c-dc1b-4dab-8f60-c03a85c18873","name":"winrm","type":"tool","source":"Tidal Cyber","software_attack_id":"S3384","tidal_id":"a239bd5b-9b59-5862-868d-e0c55088feaa","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2e345a9b-d508-4166-80a2-860287434dc6","name":"winrm.vbs","description":"[[winrm.vbs - LOLBAS Project](/references/86107810-8a1d-4c13-80f0-c1624143d057)]","source":"Tidal 
Cyber","associated_software_id":"65478a44-ca42-48cc-a03e-cd67353fc39f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d8db7cf2-5b19-4328-90c2-aa34b2eab660","tag":"2eecd309-e75d-4f7b-8f6f-e11213f48b12"},{"id":"97703781-3239-4c03-b15d-88c2133bf014","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8ef7b3b9-f197-47ba-a378-0b9708fdfd77","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3ded75ea-b253-48cd-94e7-aef53e0d1e31","name":"WinSCP","type":"tool","source":"Tidal Cyber","software_attack_id":"S3050","tidal_id":"0136025b-b023-5ca7-80e3-b150eac65466","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[S-RM March 25 2025](/references/ffa47884-4eef-445e-99e3-02f64cc2f7fc)]","group_attack_id":"G3100","group_id":"35aa3c2a-eea0-480a-b338-c82808643026","name":"NightSpire","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit42 Luna Moth November 21 2022](/references/042f51db-c9f3-4827-883d-d7e7422fd642)]","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"641aa4cd-c761-473a-b2dd-8140b612e70e","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"6f05064a-e4aa-4fd6-bd3f-fcd9acee8848","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"5f1dae2d-aa32-45a9-906f-d1628d6fa466","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"e99b519a-faf9-4fd0-998b-37802342e602","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"4dbf2eaa-3258-4cc4-9cc1-ed9f35100db3","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"96015ca8-02f7-49e5-bec4-de1dc73e685d","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"d895a15b-84c5-46d2-99b7-4ca41d643d20","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"fec65941-2d0e-4d38-8230-a78a18142126","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"646054da-70e3-49b7-bee1-22f2e391b8e2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d5862847-dde4-46da-81df-cff736bb1c6a","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"fd263f72-b0f8-4b99-8df1-1fc79e197dc8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c09285a0-4e13-489f-bf06-54574faff766","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"d439e515-d2ec-4ffb-9c8d-2b1671917917","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"0da2b6a3-beb1-4a0c-84b8-c8bed6283d30","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"3f872ecf-9f82-4670-99bb-709827a6f3cb","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f5ff7515-3116-472e-a4bb-54d96e4af47d","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"16348d5c-f834-472f-b98d-ffc379cd8378","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a9b58536-cfe2-4b76-aa74-f4e0d8bb3e7c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"faf98c83-70dd-4ce3-88cf-12ea2ad81fe3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7adaeb79-087f-4d65-8f8f-d4689755b107","name":"Winword","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3371","tidal_id":"39ecc39b-4662-592f-8eef-9cc1ea09d420","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1c74cced-8dc0-4c39-8377-7afc77ae45d3","name":"Winword.exe","description":"[[Winword.exe - LOLBAS Project](/references/6d75b154-a51d-4541-8353-22ee1d12ebed)]","source":"Tidal Cyber","associated_software_id":"5f6ec10f-8c3d-4656-89bc-f349fe8e5149","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[IBM TA505 April 2020](/references/bcef8bf8-5fc2-4921-b920-74ef893b8a27)]","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"cf826713-0a09-4e70-a010-3b72438d52a0","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"01bcd4d1-e0ed-46ed-a8b0-69df121983ab","tag":"228354f0-c709-4a16-a489-c5098ae06c17"},{"id":"dbd2077a-26f3-41ee-b8eb-814d9cb407b3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"01db3ce5-9337-4ec8-973c-2d5cad0458fb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"627e05c2-c02e-433e-9288-c2d78bce156f","name":"Wiper","type":"malware","source":"MITRE","software_attack_id":"S0041","tidal_id":"f2477965-b4dc-5000-a240-f7af623d17f3","platforms":[],"associated_software":[],"groups":[],"tags":[{"id":"b66dd22f-da9c-4639-855c-5908fd70e6bb","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"93b02819-8acc-5d7d-ad11-abb33f9309cc","name":"WIREFIRE","type":"malware","source":"MITRE","software_attack_id":"S1115","tidal_id":"5f86a0de-acc4-551f-b378-7b886e487438","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[{"id":"3cf24b73-76b6-5096-a183-f36cafa62b80","name":"GIFTEDVISITOR","description":"[[Volexity Ivanti Zero-Day Exploitation January 
2024](https://app.tidalcyber.com/references/93eda380-ea21-59e0-97e8-5bec1f9a0e71)]","source":"MITRE","associated_software_id":"45c7c1e5-65b7-44f4-9807-831e55a2397c","owner_id":null,"owner_name":null}],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"804da3b9-9c3a-4937-aa4a-efddfa5c176e","name":"Wireshark","type":"tool","source":"Tidal Cyber","software_attack_id":"S3110","tidal_id":"ddcad5d4-7689-586e-b65d-b42f1e1dc456","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"6fe82bf0-bfd9-4c60-b48a-5279bb89c6ae","tag":"dbe18a6a-c8f9-451e-837e-5a7f25dcf913"},{"id":"9ad6aaf0-c5be-48e7-85b7-b27b77c995dc","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"879c6fdd-44fd-4f55-8b2c-94b62bd1b90b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e8ee3c91-39d8-4e24-b162-ff108115da5f","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"f3eb99a8-b7b5-4e90-8e99-3f38309402c0","name":"Wlrmdr","type":"tool","source":"Tidal Cyber","software_attack_id":"S3296","tidal_id":"3eb86c68-719e-537f-b637-bb664fc92d75","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0ca4e814-9eac-4d3e-bc73-4276ec713d6b","name":"Wlrmdr.exe","description":"[[Wlrmdr.exe - LOLBAS Project](/references/43bebdc3-3072-4a3d-a0b7-0b23f1119136)]","source":"Tidal 
Cyber","associated_software_id":"bb8be8ef-1d72-4e76-a111-4ddd0c4aa9d6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dc428616-a6ca-41a5-b8d5-0ceb9a19adcc","tag":"ebf92004-6e43-434c-8380-3671cf3640a2"},{"id":"958d57cf-662c-4bac-9637-50092db9f926","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"973390fe-490f-404e-814f-9132cd42f3fb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"24f3b066-a533-4b6c-a590-313a67154ba0","name":"Wmic","type":"tool","source":"Tidal Cyber","software_attack_id":"S3297","tidal_id":"1cef6881-1215-52db-be9a-13d58e7cdd95","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"56e04589-f5f9-4724-9f87-ab7dd241d5f7","name":"Wmic.exe","description":"[[LOLBAS Wmic](/references/497e73d4-9f27-4b30-ba09-f152ce866d0f)]","source":"Tidal Cyber","associated_software_id":"e7d40056-45fd-4e73-a7f4-750253b18d30","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[U.S. CISA Hive November 25 2022](/references/fce322e6-5e23-404a-acf8-cd003f00c79d)]","group_attack_id":"G3041","group_id":"05cd82bb-f8fc-40f3-83ba-1586ef953d05","name":"Hive Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Huntress INC Ransomware August 11 2023](/references/37c82ff5-f565-445b-9fa5-bb172b5f425c)]","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Volt Typhoon February 7 2024](/references/c74f5ecf-8810-4670-b778-24171c078724)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Symantec WastedLocker June 2020](/references/061d8f74-a202-4089-acae-687e4f96933b)]","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[RedCanary Mockingbird May 2020](/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[DFIR Report APT35 ProxyShell March 2022](/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"1de727a8-0607-4007-914f-927f55025285","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"0bfd226a-6633-46ab-9c9d-58ce535bc860","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"15fc996a-0e59-46de-a960-3a686ab61924","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"aedd95e2-6214-42ec-ac60-09e2c8241548","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"a398dea5-f2dc-4ab2-9f31-2af1911e776c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"904a7d8b-207e-4e85-a7dd-d59c34e8ef78","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"cfb13216-817f-4bc4-9bf1-fd588d006836","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e652426e-2ac5-4b32-ac56-55cb88872862","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"e155c78d-8e4f-4ef8-a43b-3d5126378453","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"1f999abc-292d-4dc1-b648-845f49ac5fc8","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f1f79bdf-1f0d-4f9c-938f-30e40850c97c","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9c63e1f1-3f90-41fa-9399-f611d7ea39fb","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"80ca6867-9d20-4acb-ac70-eec5095be17e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"7d088723-7dcb-4a89-817b-bd0da1b0bc37","tag":"9988b5fd-6235-4a8e-bb8e-d9124ead11d4"},{"id":"d1b30f8d-7a66-4484-92c9-47c0584cbf2f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ba42a122-c52a-47df-80ac-780031ba3cc3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"1f374a54-c839-5139-b755-555c66a21c12","name":"Woody 
RAT","type":"malware","source":"MITRE","software_attack_id":"S1065","tidal_id":"a50a812e-a6c5-556f-bb95-18827b6fdac0","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"7720f60a-5c03-4241-b635-6313eceb3307","name":"WorkFolders","type":"tool","source":"Tidal Cyber","software_attack_id":"S3298","tidal_id":"bfc3930c-d82d-5065-a73a-5584b3205048","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1d09058a-5903-49e8-ba83-ed7825c0fdc3","name":"WorkFolders.exe","description":"[[WorkFolders.exe - LOLBAS Project](/references/42cfa3eb-7a8c-482e-b8d8-78ae5c30b843)]","source":"Tidal Cyber","associated_software_id":"29f24b94-b871-4306-b75b-0a4b01860d0c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5bae50d3-7f30-4c95-beb3-4610dfbd2f63","tag":"b5581207-a45f-4f7f-b637-14444d716ad1"},{"id":"0b494b04-4c9d-4f74-bc17-13f7ee0593ba","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b72c0553-efde-4877-9b12-3636831fdde3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"be8d1032-3452-4d44-83cb-c7ece7d5a052","name":"Wscript","type":"tool","source":"Tidal Cyber","software_attack_id":"S3299","tidal_id":"73779908-8bdd-5660-aaed-3f97c7924e33","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"45b873fa-6ccc-4c51-aeb1-29a9a92a587f","name":"Wscript.exe","description":"[[Wscript.exe - LOLBAS Project](/references/6c536675-84dd-44c3-8771-70120b413db7)]","source":"Tidal Cyber","associated_software_id":"eb4ba697-857a-4e23-9eff-f3aacdaaaa46","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Qualys 
LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Palo Alto Unit 42 OutSteel SaintBot February 2022](/references/b0632490-76be-4018-982d-4b73b3d13881)]","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"85506027-3b44-42b9-9540-0d5d7b91b91a","tag":"b4520b56-73e3-43fd-9f0d-70191132b451"},{"id":"5216affd-79e9-4d4f-aebf-7141491f2199","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6e995aa0-3ada-4602-ad5c-bb66180744bd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9663965e-0fd1-45c3-a138-c7539ed91832","name":"Wsl","type":"tool","source":"Tidal Cyber","software_attack_id":"S3372","tidal_id":"998a76c5-3ae8-56fd-89e3-605cd9d1d08e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7a6e5ea8-c20a-49e7-844a-fe511889b564","name":"Wsl.exe","description":"[[Wsl.exe - LOLBAS Project](/references/c147902a-e8e4-449f-8106-9e268d5367d8)]","source":"Tidal Cyber","associated_software_id":"b7b8a330-d1f6-48f6-b49a-cbe7a786d1a3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"78fea509-8c8d-4fa3-99d8-b82ead2e1061","tag":"96ebb518-7c1f-4011-a3ec-42aa78a95e4f"},{"id":"f8a7ba6c-93e1-4396-8ed0-8263fd57c921","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"09749cf8-c428-4d57-a8b9-43963a79a9f3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b75e4dcf-62ed-44cc-b9d2-d6d1b90955a8","name":"Wsreset","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3300","tidal_id":"f786008d-0d82-56fa-ae37-100f390abf5a","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"72ce2857-99d8-424a-b4ac-c04907124185","name":"Wsreset.exe","description":"[[Wsreset.exe - LOLBAS Project](/references/24b73a27-f2ec-4cfa-a9df-59d4d4c1dd89)]","source":"Tidal Cyber","associated_software_id":"1736ed77-6f0e-4e70-89b1-8e41a005aae3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4e58ed9a-3bfe-4d44-93b0-eadf66521b82","tag":"291fab5d-e732-4b19-83e4-ee642b2ae0f0"},{"id":"56a9a02b-0354-4408-b473-653fa2d2e89b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"e2d8e851-d40a-4f36-b9cc-d929a4343592","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a34b303e-e8bb-48b2-85e0-f6e2620d68ab","name":"wt","type":"tool","source":"Tidal Cyber","software_attack_id":"S3305","tidal_id":"7cf18791-59cc-5a08-9dae-5baaa97aab63","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6f1cff42-3758-4eb6-b43f-18003d6d8edb","name":"wt.exe","description":"[[wt.exe - LOLBAS Project](/references/bbdd85b0-fdbb-4bd2-b962-a915c23c83c2)]","source":"Tidal Cyber","associated_software_id":"11184347-6e49-4c9c-b730-636f2db7bdf6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"faa479b7-4cc9-4a1d-9f89-908b6e95dad9","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"77708835-1277-4693-bc79-0eccad021ce4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"06fe608d-a517-492f-8557-cfb820984146","name":"wuauclt","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3301","tidal_id":"db795e8e-5abf-55fb-8812-e814b1c12631","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fcc59f33-7732-4dcc-b1cf-4f78a2459a74","name":"wuauclt.exe","description":"[[wuauclt.exe - LOLBAS Project](/references/09229ea3-ffd8-4d97-9728-f8c683ef6f26)]","source":"Tidal Cyber","associated_software_id":"1fa5cc14-037c-4940-9816-76e009769429","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[[Lazarus APT January 2022](/references/fbd96014-16c3-4ad6-bb3f-f92d15efce13)][[Qualys LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)]","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"66d1d5ce-e57a-40b0-b1ab-d590e75ec155","tag":"03f0e493-63ae-47b5-8353-238390a895a8"},{"id":"44d07b6b-ae87-4e29-9786-3978a2d19205","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5e94e9f3-95fc-48af-88e4-af514c44bbcc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"027bfa11-157a-4050-8cd9-eb7ddbd17021","name":"wzshiming sshd","type":"tool","source":"Trellix TIG","software_attack_id":"S3404","tidal_id":"14482e90-6b87-5683-83d5-1b08b1585448","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"6f411b69-6643-4cc7-9cbd-e15d9219e99c","name":"XAgentOSX","type":"malware","source":"MITRE","software_attack_id":"S0161","tidal_id":"e073d4ba-4738-503a-9521-9936f3e0868e","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"f03d380b-2f8c-4131-ba2f-d16c9c550413","name":"OSX.Sofacy","description":"[[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]","source":"MITRE","associated_software_id":"469e0e63-774e-4627-8e71-d4b206958acf","owner_id":null,"owner_name":null}],"groups":[{"description":"[[XAgentOSX 2017](https://app.tidalcyber.com/references/2dc7a8f1-ccee-46f0-a995-268694f11b02)][[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)][[US District Court Indictment GRU Oct 2018](https://app.tidalcyber.com/references/56aeab4e-b046-4426-81a8-c3b2323492f0)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ab442140-0761-4227-bd9e-151da5d0a04f","name":"Xbash","type":"malware","source":"MITRE","software_attack_id":"S0341","tidal_id":"4f5af5f5-0029-5ad4-b460-68c96a9e6af9","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"11a0dff4-1dc8-4553-8a38-90a07b01bfcd","name":"xCaon","type":"malware","source":"MITRE","software_attack_id":"S0653","tidal_id":"ab4f775d-3307-556b-bc33-8d153c163de4","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Checkpoint IndigoZebra July 
2021](https://app.tidalcyber.com/references/cf4a8c8c-eab1-421f-b313-344aed03b42d)]","group_attack_id":"G0136","group_id":"988f5312-834e-48ea-93b7-e6e01ee0938d","name":"IndigoZebra","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d943d3d9-3a99-464f-94f0-95aa7963d858","name":"xCmd","type":"tool","source":"MITRE","software_attack_id":"S0123","tidal_id":"d9622ef1-58a9-5b32-bd05-047e5742a6c6","platforms":[],"associated_software":[],"groups":[{"description":"[[Mandiant APT1 Appendix](https://app.tidalcyber.com/references/1f31c09c-6a93-4142-8333-154138c1d70a)]","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"84954209-1e2a-48dd-ba17-0f015f6de3ef","name":"xcopy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3058","tidal_id":"a78e3061-d84c-5e83-9ed4-8f037ed01760","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"953c8a10-8cb9-4039-adb5-6ab4c321042b","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"fa9c57aa-faab-4feb-9ed7-c2618fc370e5","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"1a35243c-df70-4179-9b76-064aa7a93746","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"66b825e1-c798-4781-86ff-d0e54207ad1e","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"a0a073ad-c9c7-494d-8bc5-f7960e75f12d","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"448e7288-7171-43a0-9144-732d8db6d489","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3672ecfa-20bf-4d69-948d-876be343563f","name":"XCSSET","type":"malware","source":"MITRE","software_attack_id":"S0658","tidal_id":"a93afedd-9aa7-59b8-afde-84b52bdd8190","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"6ca09437-11e8-406e-9cdc-06f7a8a92dd2","name":"OSX.DubRobber","description":"[[malwarebyteslabs xcsset dubrobber](https://app.tidalcyber.com/references/11ef576f-1bac-49e3-acba-85d70a42503e)]","source":"MITRE","associated_software_id":"66b2ced3-eab8-4586-91e0-5eedf642953f","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"2035f71f-df94-4196-a459-9ae88c9ffc73","tag":"4a457eb3-e404-47e5-b349-8b1f743dc657"},{"id":"d159482d-353f-4be0-a644-2bb83c37f277","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"84d55824-945f-430d-ae94-77a8aaa4ea08","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"7d81c595-cdf4-4c15-943b-db4212b9d1ae","name":"xdotool","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3463","tidal_id":"3b4b27a1-c49f-5aed-8b47-599107c415bf","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3004","group_id":"5e12e91a-8a8a-4966-8b56-83a152091094","name":"Automated Libra","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"bcae307b-9405-5cb9-83f3-f1b71eb4dc81","name":"XLoader","type":"malware","source":"MITRE","software_attack_id":"S1207","tidal_id":"bcae307b-9405-5cb9-83f3-f1b71eb4dc81","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ceeeef5f-a193-5223-8089-c9991fcb56ce","name":"Formbook","description":"[[Zscaler XLoader 2025](https://app.tidalcyber.com/references/6e4b763e-b9a7-56b4-8d3c-2c080e852eea)][[ANY.RUN XLoader 2023](https://app.tidalcyber.com/references/54e460e8-5e0d-5f57-9cb0-930e7ffccba3)][[CheckPoint XLoader 2022](https://app.tidalcyber.com/references/e61986f6-7d9d-561a-9aee-429295fa8109)][[Google XLoader 2017](https://app.tidalcyber.com/references/30849319-b664-5257-9634-b3f9de1bc793)]","source":"MITRE","associated_software_id":"d66b6fb9-39de-4d0c-bed6-d6dbc672cf44","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"27c12b42-4ace-4ce7-b0e7-451fc42255ab","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"5ced31ef-8e03-4125-be9b-922dac49bfa2","name":"Xloader (macOS Variant)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3130","tidal_id":"0eb6d344-6188-5402-ad29-9c5b65f594ba","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"578eb598-fca6-4301-999d-c21b2e4085e1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0a818f31-2bf1-4339-92d1-c5aa30ec4c92","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1491c020-6449-48e7-8ebf-abf7b71fbc97","name":"XMRig","type":"tool","source":"Tidal Cyber","software_attack_id":"S3089","tidal_id":"aa462bd2-c3eb-5b1c-b160-e57e7078b613","platforms":[{"id":"43852676-3efd-4800-856b-4d74903d26ba","name":"IaaS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"}],"associated_software":[],"groups":[{"description":"[[RedCanary Mockingbird May 2020](/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Lacework TeamTNT May 2021](/references/5908b04b-dbca-4fd8-bacc-141ef15546a1)][[Cado Security TeamTNT Worm August 2020](/references/8ccab4fe-155d-44b0-b0f2-941e9f8f87db)]","group_attack_id":"G0139","group_id":"325c11be-e1ee-47db-afa6-44ac5d16f0e7","name":"TeamTNT","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"85c6463a-d9db-4ee5-8ecb-8a2e5f85bb92","tag":"2a54c431-2075-4ed5-a691-fa452c11dd13"},{"id":"f81ec2c6-9655-42ea-a0f3-97a1317ca945","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"3d1b4a01-d111-4f65-a85f-4263c95810b7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5ccc0b64-dc28-4a93-8a1b-bbe1aa3be06a","tag":"291c006e-f77a-4c9c-ae7e-084974c0e1eb"},{"id":"cdcc8e09-1400-410e-b36c-20c1cdb386a4","tag":"4fa6f8e1-b0d5-4169-8038-33e355c08bde"},{"id":"cb442164-c188-47b1-8048-5017d1f8beae","tag":"efa33611-88a5-40ba-9bc4-3d85c6c8819b"},{"id":"4dba966c-d60f-41a8-bc89-e7478450909b","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"}],"owner_name":"TidalCyberIan"},{"id":"19e7e967-7d0a-4930-8ef9-11a43dcb081d","name":"Xpack","type":"malware","source":"Tidal Cyber","software_attack_id":"S3072","tidal_id":"74a58b52-f9ec-5606-b806-5b827ec0ac29","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d87a0c56-8d14-47f5-849e-afbce09be2b2","name":"xpack.exe","description":"","source":"Tidal Cyber","associated_software_id":"0baa74ce-ec67-49f5-a3b7-a83e99dd5753","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5028284d-a6bb-4e74-973d-0e8022f99680","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"4930e529-8a3a-4789-81aa-9b0d07572d7b","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"73269ad0-9882-4962-b705-a355d0612fe1","name":"xsd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3487","tidal_id":"53dbf575-a5ab-59b4-a1c1-8e2a37834969","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ac6e2448-c66b-4447-b7b5-9f35a070e6cc","name":"xsd.exe","description":"[[xsd.exe - LOLBAS Project](/references/2f39d112-e777-4d87-9674-38a426b2cf34)]","source":"Tidal 
Cyber","associated_software_id":"2676c76e-a886-4a01-a77a-8765306555c4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"46c5e2cd-cb21-4ac2-a9de-703038622e4b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f9173ffa-9f0d-4dc6-8ba8-f2d03b569360","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"133136f0-7254-4cec-8710-0ab99d5da4e5","name":"XTunnel","type":"malware","source":"MITRE","software_attack_id":"S0117","tidal_id":"16878156-da48-5a70-91af-387523c3ce38","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1e1bd704-9105-4f94-8c6c-25bc69aa9dd9","name":"X-Tunnel","description":"[[Crowdstrike DNC June 2016](https://app.tidalcyber.com/references/7f4edc06-ac67-4d71-b39c-5df9ce521bbb)][[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]","source":"MITRE","associated_software_id":"c7a0f216-1bae-4ef7-b37e-5d6df89c8997","owner_id":null,"owner_name":null},{"id":"9737efb9-f0ed-412b-8513-fef883c77e34","name":"Trojan.Shunnael","description":"[[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]","source":"MITRE","associated_software_id":"c2269965-aafe-45b9-9852-4c80af005bfa","owner_id":null,"owner_name":null},{"id":"bf7ff22e-0774-48b5-806e-8fc3a2abc3fc","name":"XAPS","description":"[[ESET Sednit Part 2](https://app.tidalcyber.com/references/aefb9eda-df5a-437f-af2a-ec1b6c04628b)]","source":"MITRE","associated_software_id":"22ca51f0-cded-4fd9-99c1-5bd55f57bc56","owner_id":null,"owner_name":null}],"groups":[{"description":"[[ESET Sednit Part 3](https://app.tidalcyber.com/references/7c2be444-a947-49bc-b5f6-8f6bec870c6a)][[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)][[US District Court Indictment GRU Oct 
2018](https://app.tidalcyber.com/references/56aeab4e-b046-4426-81a8-c3b2323492f0)][[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d5663ff2-904b-42d6-b4d8-672017d91de2","name":"Xwizard","type":"tool","source":"Tidal Cyber","software_attack_id":"S3302","tidal_id":"e2a972e7-7aa0-5402-8dbd-9898b86abb0d","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"35261d88-d6ec-481d-bd77-e881266c8740","name":"Xwizard.exe","description":"[[Xwizard.exe - LOLBAS Project](/references/573df5d1-83e7-4437-bdad-604f093b3cfd)]","source":"Tidal Cyber","associated_software_id":"3305e7bb-d304-4bf6-ad90-70aac0dd564c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"924bc4c1-371d-44fc-b5ac-cae05b424a96","tag":"c37d2f5f-91da-43c6-869e-192bf0e0ae90"},{"id":"9be5a018-4e87-4ab7-bd84-e14da92be6d4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"07d0bd70-0f2d-4e6c-8e59-231fd4679dbb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"15a19d45-8f31-4ee4-ba01-0c8c1f24a67b","name":"Xworm","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3006","tidal_id":"9871e91f-7b38-58bb-8641-c32df5dbc923","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"0f9e65b3-ded2-4ef3-855d-20d3c71d3579","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b0d4320a-456e-4ef1-a834-f9866331cde9","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"838922f1-ae7a-40e4-994b-02f84bf4ff39","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"84c42d33-c7eb-400d-ac4f-2cb2b09016f5","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"50701a2e-cf54-4b08-bfb3-8823fec1a536","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0844bc42-5c29-47c3-b1b3-6bfffbf1732a","name":"YAHOYAH","type":"malware","source":"MITRE","software_attack_id":"S0388","tidal_id":"3c114444-d36e-536c-98cb-8bb97ab25c42","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[TrendMicro TropicTrooper 2015](https://app.tidalcyber.com/references/65d1f980-1dc2-4d36-8148-2d8747a39883)]","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2e251803-e244-4004-a5db-4bf8c08f7577","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"2992159c-d71c-48cf-8302-020f90332390","name":"YouieLoad","type":"malware","source":"Tidal Cyber","software_attack_id":"S3138","tidal_id":"c717ac70-3784-59de-b4c1-0c4388c62ce2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Microsoft Security Blog 5 28 2024](/references/faf315ed-71f7-4e29-8334-701da35a69ad)]","group_attack_id":"G1036","group_id":"33a5fa48-89ee-5c0b-9c9c-e0ee69032fca","name":"Moonstone Sleet","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8447f8ca-29f6-4777-ac3f-d73887a60682","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f3616e77-ffe0-4575-9768-4cd1725cfc49","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"bc82ad55-50cf-4ff2-8849-05adaaecf85c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e0962ff7-5524-4683-9b95-0e4ba07dccb2","name":"yty","type":"malware","source":"MITRE","software_attack_id":"S0248","tidal_id":"79e9c873-614d-5f11-8d56-d9635aecbc2c","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"41a3a0d6-e234-4767-9364-d624b84d1a4a","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"be7e2655-5c1d-45ac-97e5-471f50857376","name":"yum-versionlock","type":"tool","source":"Trellix TIG","software_attack_id":"S3469","tidal_id":"5a09aa11-44ae-5369-8078-c611964ef0fc","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"e317b8a6-1722-4017-be33-717a5a93ef1c","name":"Zebrocy","type":"malware","source":"MITRE","software_attack_id":"S0251","tidal_id":"711026ae-1a33-5014-99d7-e73cc78dce66","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fcc6a2ed-c784-4851-a9af-9f0aaf741af1","name":"Zekapab","description":"[[CyberScoop APT28 Nov 2018](https://app.tidalcyber.com/references/ef8f0990-b2da-4538-8b02-7401dc5a4120)][[Accenture SNAKEMACKEREL Nov 2018](https://app.tidalcyber.com/references/c38d021c-d84c-4aa7-b7a5-be47e18df1d8)]","source":"MITRE","associated_software_id":"46252b99-2f81-4f99-9896-32fa41445351","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Palo Alto Sofacy 
06-2018](https://app.tidalcyber.com/references/a32357eb-3226-4bee-aeed-d2fbcfa52da0)][[Unit42 Cannon Nov 2018](https://app.tidalcyber.com/references/8c634bbc-4878-4b27-aa18-5996ec968809)][[Securelist Sofacy Feb 2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)][[Unit42 Sofacy Dec 2018](https://app.tidalcyber.com/references/540c4c33-d4c2-4324-94cd-f57646666e32)][[ESET Zebrocy May 2019](https://app.tidalcyber.com/references/f8b837fb-e46c-4153-8e86-dc4b909b393a)]","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8ddda4e7-9f63-4592-8833-b2426db36389","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"e8820bf1-1e70-469c-a93b-770c1f23b058","name":"Zeppelin Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3185","tidal_id":"4a304469-844f-560c-96b5-bdd9a57b4a66","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e56db233-99b5-4ea1-a4e0-57f05bcd7abd","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"6daa2449-6ed1-4025-aa5f-a26ecb2a5df5","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"30bd8e19-0962-4fcb-bbfa-78cc4c0d8b1e","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"eed864c0-b490-4f35-a9fe-6c1829dd4227","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ac8cf2aa-1be6-4e13-9b36-8c87cec88625","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"2f52b513-5293-4833-9c4d-b120e7a84341","name":"Zeroaccess","type":"malware","source":"MITRE","software_attack_id":"S0027","tidal_id":"08238d9c-cbea-591a-b0c2-79de9387724a","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ba5668b0-18fe-513f-b3a7-93e16243d185","name":"ZeroCleare","type":"malware","source":"MITRE","software_attack_id":"S1151","tidal_id":"ba5668b0-18fe-513f-b3a7-93e16243d185","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b217d28a-6859-5cc6-956a-b0a953a21ba7","name":"ZEROCLEAR","description":"[[Mandiant ROADSWEEP August 2022](https://app.tidalcyber.com/references/0d81ec58-2e12-5824-aa53-feb0d2260f30)]","source":"MITRE","associated_software_id":"962f47c8-0839-47e1-b3bb-1d109bffb209","owner_id":null,"owner_name":null}],"groups":[{"description":"[OilRig](https://app.tidalcyber.com/groups/d01abdb1-0378-4654-aa38-1a4a292703e2) collaborated on the destructive portion of the [ZeroCleare](https://app.tidalcyber.com/software/ba5668b0-18fe-513f-b3a7-93e16243d185) attack.[[IBM ZeroCleare Wiper December 
2019](https://app.tidalcyber.com/references/26ba5292-265d-5db4-a571-215c984fe095)]","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2f42c522-26cb-4681-999a-071364553141","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"f51df90e-ea1b-4eeb-9aff-ec5abf4a5dfd","name":"ZeroT","type":"malware","source":"MITRE","software_attack_id":"S0230","tidal_id":"55c7bd25-1715-5f6b-a32e-d816e76170f8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Proofpoint TA459 April 2017](https://app.tidalcyber.com/references/dabad6df-1e31-4c16-9217-e079f2493b02)]","group_attack_id":"G0062","group_id":"e343c1f1-458c-467b-bc4a-c1b97b2127e3","name":"TA459","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6f9496d0-2859-44a5-88fc-2ca300a9a77f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"be8add13-40d7-495e-91eb-258d3a4711bc","name":"Zeus Panda","type":"malware","source":"MITRE","software_attack_id":"S0330","tidal_id":"a442d78e-92a3-57aa-83cc-c3585fa0afb2","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"4e556f64-a61b-479a-bb7d-8e937fb8b05d","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"34d0c5b5-f6e1-41e9-9061-cf9d36fe61c8","name":"Zipfldr","type":"tool","source":"Tidal Cyber","software_attack_id":"S3322","tidal_id":"fa833b41-6a1f-5b00-b955-be7396dc6d32","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"09b25cb2-84f5-4f9e-90e8-37cda05feb68","name":"Zipfldr.dll","description":"[[Zipfldr.dll - LOLBAS Project](/references/3bee0640-ea48-4164-be57-ac565d8cbea7)]","source":"Tidal 
Cyber","associated_software_id":"f50a78e0-2256-4642-b267-ecf746252c5a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"af7f047b-b31f-430d-94c0-dd1af4422c3e","tag":"0d0098b4-e159-4502-973d-714011ba605f"},{"id":"a0880c37-a70d-4825-b366-c9ae6286a2b3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b640d975-c906-4db9-909f-fc8b0a8c2691","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"976a7797-3008-5316-9e28-19c9a05959d0","name":"ZIPLINE","type":"malware","source":"MITRE","software_attack_id":"S1114","tidal_id":"806b2d43-bf01-597f-9d00-3f1f7805aea4","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"1ac8d363-2903-43da-9c1d-2b28179638c8","name":"ZLib","type":"malware","source":"MITRE","software_attack_id":"S0086","tidal_id":"223cc61f-4e90-5573-83c5-3160572c7eb8","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"a106fb66-bd68-40cc-9374-8b59234a0cec","name":"Zloader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3125","tidal_id":"4cba73ab-544e-5d46-8f7c-0eb3aa367f9e","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4aad7a0e-8915-4968-8ad7-4e9ca3857e6e","name":"DELoader","description":"","source":"Tidal Cyber","associated_software_id":"84e1bda5-3ebf-419b-8967-7bd29aa37c83","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"6f9e801b-c522-4278-b245-02f401c0ed8c","name":"SILENTNIGHT","description":"","source":"Tidal 
Cyber","associated_software_id":"633179d3-6f75-4661-b835-fe0c53816edf","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"673a504f-d5e7-40b5-9e69-0a7c3709f03f","name":"Terdot","description":"","source":"Tidal Cyber","associated_software_id":"8ed6228c-46a5-4caa-8b49-c114d82a7180","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3034","group_id":"d2fd3da1-e49c-4273-9add-3d15afc3b837","name":"Zloader Threat Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"66eae061-bf10-42a0-9b84-de12ca6103f9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a06fa950-348d-410b-b1da-89e94106f335","tag":"39357cc1-dbb1-49e4-9fe0-ff24032b94d5"},{"id":"30c544b9-ce1d-4666-80ff-81a19922d3af","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0a578b17-3d60-4a4c-88f4-8ba394893bde","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"195b0821-a81f-43c5-b9cb-05e9ee0dd5ac","name":"Zoho Assist","type":"tool","source":"Tidal Cyber","software_attack_id":"S3396","tidal_id":"cdc6e028-87ef-5665-9f38-359fee4ab9a2","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[U.S. 
CISA LockBit Citrix Bleed November 21 2023](/references/21f56e0c-9605-4fbb-9cb1-f868ba6eb053)]","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"7e38c632-706d-4faa-be91-686e4bc8ba1e","tag":"9c8319bf-0a97-4cea-a7be-6b8432cc35a1"},{"id":"229eb9fd-6bd6-4f6d-90be-3caeaf477c33","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"765dde0a-310d-4623-9092-dc4653157cc6","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"75dd9acb-fcff-4b0b-b45b-f943fb589d78","name":"Zox","type":"malware","source":"MITRE","software_attack_id":"S0672","tidal_id":"aeeec965-a236-50d2-8486-86da7d33e06b","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"18204ba2-79ea-4170-aafe-7ee953c504c4","name":"ZoxPNG","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"3835527c-d5ce-43cc-92a6-2afee915dea6","owner_id":null,"owner_name":null},{"id":"5713c24d-5e11-4ecd-9748-2ac2c49b6584","name":"Gresim","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"7835d0eb-283d-409e-827f-89579dddb21c","owner_id":null,"owner_name":null},{"id":"ce7c5740-ac32-4556-b0a3-66de61acc094","name":"ZoxRPC","description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","source":"MITRE","associated_software_id":"df7b9419-47dc-4a77-bad0-3892fe251260","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"49314d4e-dc04-456f-918e-a3bedfc3192a","name":"zwShell","type":"malware","source":"MITRE","software_attack_id":"S0350","tidal_id":"d5b6fa1d-bfe5-5cc6-b833-d15bd5cc66e3","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],
"associated_software":[],"groups":[],"tags":[{"id":"05df08fe-4002-4a1c-a7a0-39e9194824e9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"eea89ff2-036d-4fa6-bbed-f89502c62318","name":"ZxShell","type":"malware","source":"MITRE","software_attack_id":"S0412","tidal_id":"48bdcb52-739d-57b4-bc55-a93be2639591","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c4b9dd8f-3c2c-4445-863d-abf4f1a75797","name":"Sensocode","description":"[[Talos ZxShell Oct 2014](https://app.tidalcyber.com/references/41c20013-71b3-4957-98f0-fb919014c93e)]","source":"MITRE","associated_software_id":"9be660db-2271-4eed-9e9e-736b2a425a44","owner_id":null,"owner_name":null}],"groups":[{"description":"[[Mandiant APT Groups List](/references/c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97)]","group_attack_id":"G3020","group_id":"4173c301-0307-458d-89dd-2583e94247ec","name":"APT20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Talos ZxShell Oct 2014](https://app.tidalcyber.com/references/41c20013-71b3-4957-98f0-fb919014c93e)][[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[[Secureworks BRONZEUNION Feb 2019](https://app.tidalcyber.com/references/691df278-fd7d-4b73-a22c-227bc7641dec)]","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat 
Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8a1cd602-7354-40f9-b49e-e3c684c0a528","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"7b24e747-2480-4bb4-97e0-e14fed8d0b8c","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"91e1ee26-d6ae-4203-a466-93c9e5019b47","name":"ZxxZ","type":"malware","source":"MITRE","software_attack_id":"S1013","tidal_id":"6e4d3dba-eb83-5977-ae28-9f2d35ba5e3f","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[[Cisco Talos Bitter Bangladesh May 2022](https://app.tidalcyber.com/references/097583ed-03b0-41cd-bf85-66d473f46439)]","group_attack_id":"G1002","group_id":"3a02aa1b-851a-43e1-b83b-58037f3c7025","name":"BITTER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null}]}