Execution Chains


Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Linux
  • Global
  • Darwin
  • Android

Themes

Tags

Licenses

Are MOUSEISLAND malware procedures mitigated on this host?

2022-09-19

/static/assets/windows-logo.svg
Emulates procedures found in MOUSEISLAND malware.
Are GootLoader malware procedures mitigated on this host?

2022-08-30

/static/assets/windows-logo.svg
Emulates tactics found in GootLoader malware.
GTsST Iron Viking AWFULSHRED

2022-06-22

/static/assets/linux-logo.svg
SSH worm which installs a wiper on the machine it has infected
APT38 WannaCry

2022-05-31

/static/assets/windows-logo.svg/static/assets/apple-logo.svg/static/assets/linux-logo.svg
Perform lateral movement using EternalBlue and DoublePulsar exploits.
APT40 Find and Exfiltrate

2022-05-10

/static/assets/linux-logo.svg/static/assets/apple-logo.svg/static/assets/windows-logo.svg
Find and exfiltrate files that potentially contain cleartext usernames or passwords based on filename.
APT40 educational institutions

2022-05-03

/static/assets/windows-logo.svg/static/assets/apple-logo.svg/static/assets/linux-logo.svg
Perform process injection and native API execution techniques.
APT29 COVID-19 Vaccine Data

2022-03-22

/static/assets/linux-logo.svg
Emulating APT29's WellMess malware targeting vaccine research.
Operation Ghost

2022-03-15

/static/assets/linux-logo.svg
Emulating APT 29 malware loader via steganography.
APT29 Democratic National Committee

2022-03-01

/static/assets/windows-logo.svg
Emulating Cozy Bear's 2016 Democratic National Committee hack.
Conti Move To Remote System

2022-02-01

/static/assets/windows-logo.svg
Perform lateral movement of Jambi agent to discovered AD targets
Conti Recon And Initial Access

2022-01-10

/static/assets/windows-logo.svg
Perform recon and initial access of target environment
Android ADB Shell

2021-12-07

/static/assets/android-logo.svg
A first collection of TTPs for Android specifically targeting ADB shell commands
Jambi Modules

2021-11-16

/static/assets/windows-logo.svg
Use Powershell functions to create a script implant that dynamically resolves and loads modules at runtime.
JXA Modules

2021-10-05

/static/assets/apple-logo.svg
Use JXA to create a fully modular file-less implant that dynamically resolves and load modules at runtime.
B1-66ER (Initial Access)

2021-09-28

/static/assets/linux-logo.svg
Gain initial access by installing SciPy with concealed Schism agent
SharpHound

2021-09-07

/static/assets/windows-logo.svg
Ingress, load, and run the SharpHound collector.
JXA Access

2021-08-24

/static/assets/apple-logo.svg
Use JXA to load a file-less agent into memory and create persistence mechanisms on OS X.
Baron Samedit (Persistence)

2021-08-10

/static/assets/linux-logo.svg
Leverage a Heap-Based Buffer Overflow in Sudo to create a persistence user.
Ransomware

2021-08-10

/static/assets/windows-logo.svg/static/assets/linux-logo.svg/static/assets/apple-logo.svg
Deploy a safe cross-platform ransomware attack.
GhostLoader

2021-07-06

/static/assets/windows-logo.svg
Use the "GhostLoader" technique to run assemblies compiled on the target system.